CVE-2025-11043

HIGH
2026-01-19 [email protected]
7.4
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 19, 2026 - 16:15 nvd
HIGH 7.4

Tags

Tls

Description

An Improper Certificate Validation vulnerability in the OPC-UA client and ANSL over TLS client used in Automation Studio versions before 6.5 could allow an unauthenticated attacker on the network to position themselves to intercept and interfere with data exchanges.

Analysis

An Improper Certificate Validation vulnerability in the OPC-UA client and ANSL over TLS client used in Automation Studio versions up to 6.5 is affected by improper certificate validation (CVSS 7.4).

Technical Context

This vulnerability (CWE-295: Improper Certificate Validation) affects An Improper Certificate Validation vulnerability in the OPC-UA client and ANSL over TLS client used in Automation Studio. An Improper Certificate Validation vulnerability in the OPC-UA client and ANSL over TLS client used in Automation Studio versions before 6.5 could allow an unauthenticated attacker on the network to position themselves to intercept and interfere with data exchanges.

Affected Products

Product: An Improper Certificate Validation vulnerability in the OPC-UA client and ANSL over TLS client used in Automation Studio. Versions: up to 6.5.

Remediation

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Priority Score

37
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +37
POC: 0

Share

CVE-2025-11043 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy