CVE-2023-32787

Published: May 15, 2023Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The OPC UA Legacy Java Stack before 6f176f2 enables an attacker to block OPC UA server applications via uncontrolled resource consumption so that they can no longer serve client applications.

Affected (4)

Products: Opcfoundation: Ua Java Legacy · Prosysopc: Ua Historian, Ua Modbus Server, Ua Simulation Server

1 product

3 products

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Opcfoundation Ua Java Legacy	Before 2023-04-28

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Prosysopc Ua Historian	Before 1.2.0
Prosysopc Ua Modbus Server	Before 1.4.20
Prosysopc Ua Simulation Server	Before 5.4.2

Related CWEs

CWE-400

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (6)

https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2023-32787.pdf

Source: cve@mitre.org

PatchVendor Advisory

https://github.com/OPCFoundation/UA-Java-Legacy

Source: cve@mitre.org

Product

https://github.com/OPCFoundation/UA-Java-Legacy/commit/6f176f2b445a27c157f1a32f225accc9ce8873c0

Source: cve@mitre.org

Patch

https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2023-32787.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://github.com/OPCFoundation/UA-Java-Legacy

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://github.com/OPCFoundation/UA-Java-Legacy/commit/6f176f2b445a27c157f1a32f225accc9ce8873c0

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

Timeline

No history available yet.