CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32170 – Unified Automation UaGateway OPC UA Server Improper Input Validation Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-32170
Unified Automation UaGateway OPC UA Server Improper Input Validation Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. User interaction is required to exploit this vulnerability in that the target must choose to accept a client certificate. The specific flaw exists within the processing of client certificates. The issue results from the lack of proper validation of certificate data. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. • https://documentation.unified-automation.com/uagateway/1.5.14/CHANGELOG.txt https://www.zerodayinitiative.com/advisories/ZDI-23-775 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-37013 – Unified Automation OPC UA C++ Infinite Loop Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-37013
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation OPC UA C++ Demo Server 1.7.6-537 [with vendor rollup]. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of certificates. A crafted certificate can force the server into an infinite loop. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. • https://documentation.unified-automation.com/uasdkcpp/1.7.7/CHANGELOG.txt https://www.zerodayinitiative.com/advisories/ZDI-22-1029 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-37012 – Unified Automation OPC UA C++ Improper Update of Reference Count Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-37012
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation OPC UA C++ Demo Server 1.7.6-537. Authentication is not required to exploit this vulnerability. The specific flaw exists within the OpcUa_SecureListener_ProcessSessionCallRequest method. A crafted OPC UA message can force the server to incorrectly update a reference count. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. • https://documentation.unified-automation.com/uasdkcpp/1.7.7/CHANGELOG.txt https://www.zerodayinitiative.com/advisories/ZDI-22-1030 • CWE-911: Improper Update of Reference Count •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-27434
https://notcve.org/view.php?id=CVE-2021-27434
Products with Unified Automation .NET based OPC UA Client/Server SDK Bundle: Versions V3.0.7 and prior (.NET 4.5, 4.0, and 3.5 Framework versions only) are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow. Productos con el programa Unified Automation .NET based OPC UA Client/Server SDK Bundle: Versiones V3.0.7 y anteriores (solo versiones de .NET 4.5, 4.0 y 3.5 Framework) son vulnerables a una recursividad no controlada, que puede permitir a un atacante desencadenar un desbordamiento de pila • https://us-cert.cisa.gov/ics/advisories/icsa-21-133-04 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-674: Uncontrolled Recursion •