CVE-2022-2274 Awareness

From OPC Labs Knowledge Base
Jump to navigation Jump to search

OPC Labs is aware of the OpenSSL CVE-2022-2274 vulnerability.

QuickOPC is not affected.

In general, QuickOPC does not use OpenSSL. There is one exception: The pre-built binary of OPC UA certificate generator utility (used when .NET Framework is the target platform), which comes from OPC Foundation, uses OpenSSL internally. It is not vulnerable either, because CVE-2022-2274 only affects version 3.0.4 of OpenSLL, but this utility is built with an older OpenSSL version.

In addition, starting with QuickOPC 2022.2, the OPC UA certificate generator utility will not be used in normal QuickOPC operations at all.