Exploitation of Cleartext Storage of Sensitive Information vulnerability allows remote attackers to obtain sensitive information about authentication methods and potentially gain access to the OPC UA server or CPU module. Additionally, the attacker can modify data during OPC UA protocol communication. As a result, the attacker can modify the data to inject malicious code or disable security mechanisms. CVE ID: CVE-2018-13083 Exploitation of Cleartext Storage of Sensitive Information vulnerability can be achieved by unauthenticated attackers. Vulnerable OPC UA server versions: OPC UA Server 1.9.9 and OPC UA Server 1.9.10 Vulnerable OPC UA Module Configurator-R versions: OPC UA Module Configurator-R 1.10.1 and OPC UA Module Configurator-R 1.10.2 Exploitation of Cleartext Storage of Sensitive Information vulnerability requires no privileged or administrative access. Unprivileged users can be affected. Mitigation and Prevention of Cleartext Storage of Sensitive Information vulnerability In order to prevent the exploitation of Cleartext Storage of Sensitive Information vulnerability, follow the recommendations: Upgrade OPC UA Server and OPC UA Module Configurator-R software to the latest versions.
Ensure that the OPC UA server and OPC UA module are properly configured.
Ensure that all third-party OPC UA servers and OPC UA modules are properly configured.
Update any vulnerable
References !---
Cleartext Storage of Sensitive Information vulnerability (CVE-2018-13083) https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13083
Vendor Information: N/A
Software Requirements :
Windows Vista SP2, Windows 7 SP1, Windows 8.1, or Windows 10
Intel Pentium D or a compatible processor
512 MB RAM
Timeline
Published on: 11/25/2022 00:15:00 UTC
Last modified on: 11/28/2022 21:04:00 UTC