Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
2DescriptionCVE.org
Check for certificate revocation only considers the first matching CRL and ignores other valid CRLs of the same CA in the CycloneCrypto cryptographic wrapper of S2OPC library. It might allow connection between an OPC UA client and server using a revoked certificate.
AnalysisAI
Improper certificate revocation checking in S2OPC's CycloneCrypto wrapper permits OPC UA connections authenticated with revoked certificates. The library evaluates only the first Certificate Revocation List (CRL) matching a given CA and silently discards any additional valid CRLs issued by that same CA - meaning a certificate listed exclusively in a secondary CRL passes validation unchallenged. With CVSS 5.6 (AV:N/AC:H/PR:N/UI:N), all published versions of systerel/s2opc are affected per CPE. No public exploit code or CISA KEV listing has been identified at time of analysis.
Technical ContextAI
S2OPC is an open-source OPC UA (Open Platform Communications Unified Architecture) stack maintained by Systerel, designed for industrial and embedded environments. It wraps the CycloneCrypto library to handle PKI operations including certificate chain validation and CRL-based revocation checking. CWE-299 (Improper Check for Certificate Revocation) describes precisely this class of flaw: the implementation resolves the first CRL whose issuer matches the certificate's CA but does not iterate over additional CRLs issued by the same CA. In deployments where a CA has issued multiple CRLs - a common operational pattern when a CA rotates its CRL signing key or segments revocation lists - a revoked certificate whose serial number appears only in a non-first CRL will be treated as valid. The affected CPE is cpe:2.3:a:systerel:s2opc:*:*:*:*:*:*:*:* (all versions). OPC UA is heavily used in industrial control systems and SCADA environments, where mutual certificate authentication is a primary trust boundary.
RemediationAI
No vendor-released patched version has been confirmed from available data; the only reference is a GitLab work item at https://gitlab.com/systerel/S2OPC/-/work_items/1739, which should be monitored for an upstream fix or tagged release. Until a patch is available, operators should implement the following specific compensating controls: (1) Configure the OPC UA PKI to use OCSP (Online Certificate Status Protocol) instead of or in addition to CRL checking where supported, as OCSP queries are per-certificate and not subject to this multi-CRL ordering flaw; (2) Restrict the set of trusted CAs to those that issue only a single active CRL, reducing the attack surface to zero for that CA; (3) Implement network-layer access controls on OPC UA endpoints (default TCP port 4840) so that only known, pre-approved client hosts can initiate connections, limiting the pool of parties who could exploit a revoked-but-valid-appearing certificate; (4) Audit currently issued and revoked certificates across all trusted CAs to identify whether any revoked certificates are distributed across non-primary CRLs. Note that option 3 trades operational flexibility for security and may not be feasible in open industrial network architectures.
Same weakness CWE-299 – Improper Check for Certificate Revocation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-35380
GHSA-j893-vcpr-rgfc