CVE-2022-2274 Awareness

From OPC Labs Knowledge Base
Revision as of 15:42, 22 July 2022 by User (talk | contribs) (Created page with "Category:Security Bulletins OPC Labs is aware of the OpenSSL [https://nvd.nist.gov/vuln/detail/CVE-2022-2274 CVE-2022-2274] vulnerability. QuickOPC is not affected. In g...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

OPC Labs is aware of the OpenSSL CVE-2022-2274 vulnerability.

QuickOPC is not affected.

In general, QuickOPC does not use OpenSSL. There is one exception: The pre-built binary of OPC UA certificate generator utility (used when .NET Framework is the target platform), which comes from OPC Foundation, uses OpenSSL internally. It is not vulnerable either, because CVE-2022-2274 only affects version 3.0.4 of OpenSLL, but this utility is built with an older OpenSSL version.

In addition, starting with QuickOPC 2022.2, the OPC UA certificate generator utility will not be used in normal QuickOPC operations at all.