Improper Check for Certificate Revocation in S2OPC_CVE-2026-6899

5.6 / 10

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Description

Check for certificate revocation only considers the first matching CRL and ignores other valid CRLs of the same CA in the CycloneCrypto cryptographic wrapper of S2OPC library. It might allow connection between an OPC UA client and server using a revoked certificate.

Basic Information

ID CVE-2026-6899

Source GitLab

Published Jun 9, 2026 at 08:39

Affected Product

Vendor Systerel

Product S2OPC

Version 1.5.0

Affected Versions Systerel S2OPC 1.5.0

CWE Classification

CWE-299

References

gitlab.com /systerel/S2OPC/-/work_items/1739

{
    "lastseen": "",
    "description": "Check for certificate revocation only considers the first matching CRL and ignores other valid CRLs of the same CA in the CycloneCrypto cryptographic wrapper of S2OPC library. It might allow connection between an OPC UA client and server using a revoked certificate.",
    "published": "2026-06-09T08:39:00.495Z",
    "modified": "2026-06-09T08:39:00.495Z",
    "type": "cve",
    "title": "Improper Check for Certificate Revocation in S2OPC",
    "source": "GitLab",
    "references": "https://gitlab.com/systerel/S2OPC/-/work_items/1739",
    "id": "CVE-2026-6899",
    "bulletinFamily": "",
    "cwe": [
        "CWE-299"
    ],
    "cvelist": null,
    "sourceData": "Systerel S2OPC 1.5.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.6,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "S2OPC",
    "version": "1.5.0",
    "vendor": "Systerel",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}