CVE-2022-30551 – Prosys OPC UA SDK for Java OPC UA Messages Resource Exhaustion Denial-of-Service Vulnerability

https://notcve.org/view.php?id=CVE-2022-30551

OPC UA Legacy Java Stack 2022-04-01 allows a remote attacker to cause a server to stop processing messages by sending crafted messages that exhaust available resources. OPC UA Legacy Java Stack versión 01-04-2022, permite a un atacante remoto causar que un servidor deje de procesar mensajes mediante el envío de mensajes diseñados que agotan los recursos disponibles This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Prosys OPC UA SDK for Java. Authentication is not required to exploit this vulnerability. The specific flaw exists within handling of OPC UA messages. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. • https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2022-30551.pdf https://github.com/OPCFoundation/UA-Java-Legacy https://opcfoundation.org • CWE-400: Uncontrolled Resource Consumption •