
CVE-2023-41185 – Unified Automation UaGateway Certificate Parsing Integer Overflow Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-41185
30 Aug 2023 — Unified Automation UaGateway Certificate Parsing Integer Overflow Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of client certificates. When parsing the certificate length field, the process does not properly validate user-supplied data, which can result in an integer overf... • https://www.zerodayinitiative.com/advisories/ZDI-23-1286 • CWE-190: Integer Overflow or Wraparound •

CVE-2023-32170 – Unified Automation UaGateway OPC UA Server Improper Input Validation Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-32170
31 May 2023 — Unified Automation UaGateway OPC UA Server Improper Input Validation Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. User interaction is required to exploit this vulnerability in that the target must choose to accept a client certificate. The specific flaw exists within the processing of client certificates. The issue results from the lack of proper validation of certificate data. • https://documentation.unified-automation.com/uagateway/1.5.14/CHANGELOG.txt • CWE-20: Improper Input Validation •

CVE-2023-32171 – Unified Automation UaGateway OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-32171
31 May 2023 — Unified Automation UaGateway OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this vulnerability. The specific flaw exists within the ImportCsv method. A crafted XML payload can cause a null pointer dereference. • https://documentation.unified-automation.com/uagateway/1.5.14/CHANGELOG.txt • CWE-476: NULL Pointer Dereference •

CVE-2023-32172 – Unified Automation UaGateway OPC UA Server Use-After-Free Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-32172
31 May 2023 — Unified Automation UaGateway OPC UA Server Use-After-Free Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the ImportXML function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. • https://documentation.unified-automation.com/uagateway/1.5.14/CHANGELOG.txt • CWE-416: Use After Free •

CVE-2023-32173 – Unified Automation UaGateway AddServer XML Injection Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-32173
31 May 2023 — Unified Automation UaGateway AddServer XML Injection Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this vulnerability when the product is in its default configuration. The specific flaw exists within the implementation of the AddServer method. By specifying crafted arguments, an attacker can cause invalid characters to be inserted into an XML ... • https://documentation.unified-automation.com/uagateway/1.5.14/CHANGELOG.txt • CWE-91: XML Injection (aka Blind XPath Injection) •

CVE-2023-32174 – Unified Automation UaGateway NodeManagerOpcUa Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-32174
31 May 2023 — Unified Automation UaGateway NodeManagerOpcUa Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unified Automation UaGateway. Authentication is required to exploit this vulnerability when the product is in its default configuration. The specific flaw exists within the handling of NodeManagerOpcUa objects. The issue results from the lack of validating the existence of an object prior to performing operations o... • https://documentation.unified-automation.com/uagateway/1.5.14/CHANGELOG.txt • CWE-416: Use After Free •

CVE-2022-37012 – Unified Automation OPC UA C++ Improper Update of Reference Count Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-37012
28 Jul 2022 — This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation OPC UA C++ Demo Server 1.7.6-537. Authentication is not required to exploit this vulnerability. The specific flaw exists within the OpcUa_SecureListener_ProcessSessionCallRequest method. A crafted OPC UA message can force the server to incorrectly update a reference count. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. • https://documentation.unified-automation.com/uasdkcpp/1.7.7/CHANGELOG.txt • CWE-911: Improper Update of Reference Count •

CVE-2022-37013 – Unified Automation OPC UA C++ Infinite Loop Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-37013
28 Jul 2022 — This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation OPC UA C++ Demo Server 1.7.6-537 [with vendor rollup]. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of certificates. A crafted certificate can force the server into an infinite loop. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. • https://documentation.unified-automation.com/uasdkcpp/1.7.7/CHANGELOG.txt • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVE-2021-27434
https://notcve.org/view.php?id=CVE-2021-27434
20 May 2021 — Products with Unified Automation .NET based OPC UA Client/Server SDK Bundle: Versions V3.0.7 and prior (.NET 4.5, 4.0, and 3.5 Framework versions only) are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow. • https://us-cert.cisa.gov/ics/advisories/icsa-21-133-04 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-674: Uncontrolled Recursion •