CVE-2026-6899
Status: Received - Intake
Certificate Revocation Bypass in S2OPC CycloneCrypto

Publication date: 2026-06-09

Last updated on: 2026-06-09

Assigner: GitLab Inc.

Description
The certificate revocation check in the CycloneCrypto cryptographic wrapper of the S2OPC library considers only the first matching CRL and ignores other valid CRLs of the same CA. This might allow a connection between an OPC UA client and server using a revoked certificate.
Affected Vendors & Products
2 associated CPEs

Vendor          Product   Version / Range
systerel        s2opc     *
cyclonecrypto   cyclone   *
CWE
CWE-299: The product does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a certificate that has been compromised.
Executive Summary

This vulnerability exists in the CycloneCrypto cryptographic wrapper of the S2OPC library, where the function responsible for checking certificate revocation only considers the first matching Certificate Revocation List (CRL) for a Certificate Authority (CA) and ignores any other valid CRLs.

As a result, if a certificate is revoked in a subsequent CRL that is not the first one checked, the system may incorrectly accept the revoked certificate, allowing a connection between an OPC UA client and server using that revoked certificate.

The issue was demonstrated by a test case in which a connection using a revoked client certificate should have been terminated but instead remained active.

Impact Analysis

An OPC UA client or server presenting a certificate that its CA has revoked can still complete the connection that the revocation check should have refused.

Revocation is the mechanism for withdrawing trust from a certificate whose key has been compromised or whose holder is no longer authorised. A peer that should have been cut off therefore keeps whatever access the certificate grants: for a client, the server's address space and operations permitted to that identity; for a server, the data the client sends to it.

Such connections undermine the authentication that OPC UA secure channels rely on, and with it the confidentiality and integrity of the data exchanged over them.

Detection Guidance

The defect is in the CycloneCrypto cryptographic wrapper of S2OPC, which is expected to consult every valid Certificate Revocation List (CRL) of a given Certificate Authority (CA); an affected build stops at the first CRL whose issuer matches.

A practical test is to load at least two CRLs for the same CA into the trust store, place the serial number of a test client certificate only in a CRL that is not the first one the wrapper encounters, and attempt an OPC UA connection with that certificate. If the connection is accepted or remains open, the build is affected. The test is only meaningful when the trust store holds more than one CRL for the issuing CA; with a single CRL per CA the defect is not reachable.

The advisory cites the `push_server_revoke` test case, which attempts a connection with a revoked client certificate and expects the connection to be terminated; a test built along the same lines, with the revoked serial in a secondary CRL, exercises this path.

The linked resources give no ready-made commands. Two checks help in practice: review server logs for secure channels accepted from a certificate whose serial appears on a loaded CRL, and step through `crt_verifycrl_and_check_revocation` in the CycloneCrypto wrapper under a debugger with several CRLs for one CA loaded, confirming whether it stops after the first CRL whose issuer matches.

Mitigation Strategies

The immediate fix is to update S2OPC to a release in which `crt_verifycrl_and_check_revocation` in the CycloneCrypto wrapper checks all valid CRLs of the issuing CA rather than the first one it finds. This page does not state the fixed version; consult the assigner's advisory.

Until the fix is applied, do not treat the CRL check as authoritative for any CA with more than one CRL in the trust store. Where the deployment controls the CRL store, keeping a single current full CRL per CA (a CA's full CRL is cumulative, so the latest one supersedes earlier ones) removes the second list the check would otherwise ignore; this is a workaround derived from the described behaviour, not a vendor recommendation.

Consider an additional revocation check outside the library, for example rejecting known-revoked serials from an operator-maintained deny list at the application layer, so that a revoked certificate is refused even if the wrapper accepts it.
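The following is an added illustration of the first-match defect described in the detection guidance above and of the corrected check the fix refers to. It is example code written for this page, not S2OPC or CycloneCrypto source: the `crl_t` and `cert_t` structures, the `check_revocation_*` functions and the `demo_crls` store are constructed, and CRL signature and validity-period checks are assumed to have passed already. The corrected function also reports a CA with no CRL at all separately so the caller can fail closed, a design choice made here rather than something the advisory describes.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a CRL store (example code, not S2OPC or
 * CycloneCrypto): each CRL names its issuing CA and carries the serial
 * numbers it revokes. Signature, issuer-key and validity-period checks on
 * the CRLs are assumed to have passed already and are not modelled. */
#define MAX_SERIALS 8

typedef struct {
    const char *issuer;                 /* CA that signed this CRL */
    unsigned long serials[MAX_SERIALS]; /* serials this CRL revokes */
    size_t n_serials;
} crl_t;

typedef struct {
    const char *issuer;   /* CA that issued the certificate */
    unsigned long serial; /* certificate serial number */
} cert_t;

typedef enum {
    CRL_OK      = 0, /* a CRL of the issuing CA was checked, serial absent */
    CRL_REVOKED = 1, /* serial listed by a CRL of the issuing CA */
    CRL_MISSING = 2  /* no CRL for the issuing CA in the store */
} crl_status_t;

static bool crl_lists_serial(const crl_t *crl, unsigned long serial)
{
    for (size_t i = 0; i < crl->n_serials; i++)
        if (crl->serials[i] == serial)
            return true;
    return false;
}

/* Vulnerable pattern: return on the first CRL whose issuer matches, so a
 * serial listed only by a later CRL of the same CA is never seen. */
crl_status_t check_revocation_first_crl_only(const cert_t *cert,
                                             const crl_t *crls, size_t n_crls)
{
    for (size_t i = 0; i < n_crls; i++) {
        if (strcmp(crls[i].issuer, cert->issuer) != 0)
            continue;
        return crl_lists_serial(&crls[i], cert->serial) ? CRL_REVOKED : CRL_OK;
    }
    return CRL_MISSING;
}

/* Corrected pattern: consult every CRL of the issuing CA and revoke if any
 * of them lists the serial. A CA with no CRL is reported separately so the
 * caller can fail closed instead of treating it as "not revoked". */
crl_status_t check_revocation_all_crls(const cert_t *cert,
                                       const crl_t *crls, size_t n_crls)
{
    crl_status_t status = CRL_MISSING;
    for (size_t i = 0; i < n_crls; i++) {
        if (strcmp(crls[i].issuer, cert->issuer) != 0)
            continue;
        if (crl_lists_serial(&crls[i], cert->serial))
            return CRL_REVOKED;  /* any listing is decisive */
        status = CRL_OK;         /* matched a CRL; keep scanning the rest */
    }
    return status;
}

/* Constructed store: two CRLs from "ca-1"; serial 0x1002 appears only in
 * the second one, which is the situation the advisory describes. */
const crl_t demo_crls[] = {
    { "ca-1", { 0x1001 }, 1 },
    { "ca-1", { 0x1002, 0x1003 }, 2 },
    { "ca-2", { 0x2001 }, 1 },
};
const size_t demo_n_crls = sizeof demo_crls / sizeof demo_crls[0];

int main(void)
{
    const cert_t client = { "ca-1", 0x1002 };
    static const char *names[] = { "accepted", "revoked", "no CRL" };
    printf("first CRL only: %s\n",
           names[check_revocation_first_crl_only(&client, demo_crls, demo_n_crls)]);
    printf("all CRLs:       %s\n",
           names[check_revocation_all_crls(&client, demo_crls, demo_n_crls)]);
    return 0;
}
```

Compile with `cc -std=c99 -Wall crl_check.c && ./a.out`. The first line reports the revoked certificate as accepted, the second as revoked; a certificate whose CA has no CRL in the store is reported as "no CRL" by both, which the caller should treat as a failed check.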

Compliance Impact

This vulnerability allows a revoked certificate to be accepted because the check consults only the first matching Certificate Revocation List (CRL) and ignores the other CRLs of the same CA. The result is that connections between OPC UA clients and servers can be established by a party whose certificate the CA has withdrawn.

Regulations such as GDPR and HIPAA do not prescribe certificate validation mechanics, but they do require appropriate technical safeguards for the confidentiality and integrity of the data they cover. Where an affected deployment handles such data, a revocation check that can be bypassed weakens the access-control and transport-security measures an organisation relies on to demonstrate that requirement is met.

Failing to reject revoked certificates therefore undermines the enforcement of security controls that regulatory compliance depends on.
