CVE-2023-26150 — MEDIUM (6.5)

Q: How severe is CVE-2023-26150?

CVE-2023-26150 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-26150?

Check the references section above for vendor advisories and patch information. Affected products include: Freeopcua Opcua-Asyncio.

Vulnerability Description

Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication. **Note:** This issue is a result of missing checks for services that require an active session.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Freeopcua	Opcua-Asyncio	< 0.9.96

Related Weaknesses (CWE)

CWE-287

References

https://gist.github.com/artfire52/84f7279a4119d6f90381ac49d7121121ExploitThird Party Advisory
https://github.com/FreeOpcUa/opcua-asyncio/commit/2be7ce80df05de8d6c6ae1ebce6fa2Patch
https://github.com/FreeOpcUa/opcua-asyncio/commit/b4106dfd5037423c9d1810b48a9729Patch
https://github.com/FreeOpcUa/opcua-asyncio/issues/1014ExploitIssue TrackingThird Party Advisory
https://github.com/FreeOpcUa/opcua-asyncio/pull/1015Patch
https://github.com/FreeOpcUa/opcua-asyncio/releases/tag/v0.9.96ProductRelease Notes
https://security.snyk.io/vuln/SNYK-PYTHON-ASYNCUA-5673435ExploitPatchThird Party Advisory
https://gist.github.com/artfire52/84f7279a4119d6f90381ac49d7121121ExploitThird Party Advisory
https://github.com/FreeOpcUa/opcua-asyncio/commit/2be7ce80df05de8d6c6ae1ebce6fa2Patch
https://github.com/FreeOpcUa/opcua-asyncio/commit/b4106dfd5037423c9d1810b48a9729Patch
https://github.com/FreeOpcUa/opcua-asyncio/issues/1014ExploitIssue TrackingThird Party Advisory
https://github.com/FreeOpcUa/opcua-asyncio/pull/1015Patch
https://github.com/FreeOpcUa/opcua-asyncio/releases/tag/v0.9.96ProductRelease Notes
https://security.snyk.io/vuln/SNYK-PYTHON-ASYNCUA-5673435ExploitPatchThird Party Advisory

FAQ

What is CVE-2023-26150?

CVE-2023-26150 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication. **Note:** This issue i...

How severe is CVE-2023-26150?

CVE-2023-26150 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-26150?

Check the references section above for vendor advisories and patch information. Affected products include: Freeopcua Opcua-Asyncio.