CVE-2023-27334

Опубликовано: 03 мая 2024

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20498.

Ссылки

https://industrial.softing.com/fileadmin/psirt/downloads/syt-2023-1.html
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-23-1054/
Third Party Advisory
https://industrial.softing.com/fileadmin/psirt/downloads/syt-2023-1.html
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-23-1054/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:softing:edgeaggregator:*:*:*:*:*:*:*:*

Версия до 3.70 (исключая)

cpe:2.3:a:softing:edgeconnector:*:*:*:*:*:*:*:*

Версия до 3.70 (исключая)

cpe:2.3:a:softing:opc_ua_c\+\+_software_development_kit:*:*:*:*:*:*:*:*

Версия до 6.20.1 (исключая)

cpe:2.3:a:softing:secure_integration_server:*:*:*:*:*:*:*:*

Версия до 1.30 (исключая)

EPSS

Процентиль: 69%

0.00592

Низкий

7.5 High

CVSS3

Дефекты

CWE-400

NVD-CWE-noinfo

Связанные уязвимости

GHSA-xf44-g8mj-xfg3

CVSS3: 7.5

github

почти 2 года назад

Softing edgeConnector Siemens ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing edgeConnector Siemens. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20498.

EPSS

Процентиль: 69%

0.00592

Низкий

7.5 High

CVSS3

Дефекты

CWE-400

NVD-CWE-noinfo