CVE-2023-28831
https://notcve.org/view.php?id=CVE-2023-28831
The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate validation. This could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate. Las implementaciones de OPC UA (ANSI C y C++) en los productos afectados contienen una vulnerabilidad de desbordamiento de enteros que podría provocar que la aplicación se ejecute en un bucle infinito durante la validación del certificado. Esto podría permitir que un atacante remoto no autenticado cree una condición de denegación de servicio enviando un certificado especialmente manipulado. • https://cert-portal.siemens.com/productcert/html/ssa-118850.html https://cert-portal.siemens.com/productcert/html/ssa-711309.html https://cert-portal.siemens.com/productcert/pdf/ssa-118850.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-711309.pdf • CWE-190: Integer Overflow or Wraparound •
CVE-2022-38773
https://notcve.org/view.php?id=CVE-2022-38773
Affected devices do not contain an Immutable Root of Trust in Hardware. With this the integrity of the code executed on the device can not be validated during load-time. An attacker with physical access to the device could use this to replace the boot image of the device and execute arbitrary code. • https://cert-portal.siemens.com/productcert/pdf/ssa-482757.pdf https://cert-portal.siemens.com/productcert/html/ssa-482757.html • CWE-1326: Missing Immutable Root of Trust in Hardware •
CVE-2021-40365
https://notcve.org/view.php?id=CVE-2021-40365
Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. Los dispositivos afectados no procesan correctamente ciertos paquetes especialmente manipulados enviados al puerto 102/tcp, lo que podría permitir a un atacante provocar una denegación de servicio en el dispositivo. • https://cert-portal.siemens.com/productcert/pdf/ssa-382653.pdf • CWE-20: Improper Input Validation •
CVE-2021-44695
https://notcve.org/view.php?id=CVE-2021-44695
Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. Los dispositivos afectados no procesan correctamente ciertos paquetes especialmente manipulados enviados al puerto 102/tcp, lo que podría permitir a un atacante provocar una denegación de servicio en el dispositivo. • https://cert-portal.siemens.com/productcert/pdf/ssa-382653.pdf • CWE-20: Improper Input Validation CWE-1286: Improper Validation of Syntactic Correctness of Input •
CVE-2021-44694
https://notcve.org/view.php?id=CVE-2021-44694
Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. Los dispositivos afectados no procesan correctamente ciertos paquetes especialmente manipulados enviados al puerto 102/tcp, lo que podría permitir a un atacante provocar una denegación de servicio en el dispositivo. • https://cert-portal.siemens.com/productcert/pdf/ssa-382653.pdf • CWE-20: Improper Input Validation CWE-1287: Improper Validation of Specified Type of Input •