CVE-2023-32171

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-32171
Unified Automation UaGateway OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this vulnerability. The specific flaw exists within the ImportCsv method. A crafted XML payload can cause a null pointer dereference. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20495.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://documentation.unified-automation.com/uagateway/1.5.14/CHANGELOG.txt
https://www.zerodayinitiative.com/advisories/ZDI-23-776/
https://documentation.unified-automation.com/uagateway/1.5.14/CHANGELOG.txt
https://www.zerodayinitiative.com/advisories/ZDI-23-776/
Configurations

No configuration.

History

21 Nov 2024, 08:02

Type Values Removed Values Added
References () https://documentation.unified-automation.com/uagateway/1.5.14/CHANGELOG.txt - () https://documentation.unified-automation.com/uagateway/1.5.14/CHANGELOG.txt -
References () https://www.zerodayinitiative.com/advisories/ZDI-23-776/ - () https://www.zerodayinitiative.com/advisories/ZDI-23-776/ -
Summary
  • (es) Vulnerabilidad de denegación de servicio de desreferencia de puntero nulo del servidor UaGateway OPC UA de Unified Automation. Esta vulnerabilidad permite a atacantes remotos crear una condición de denegación de servicio en las instalaciones afectadas de Unified Automation UaGateway. Se requiere autenticación para aprovechar esta vulnerabilidad. La falla específica existe dentro del método ImportCsv. un payload XML manipulada puede provocar una desreferencia del puntero nulo. Un atacante puede aprovechar esta vulnerabilidad para crear una condición de denegación de servicio en el sistema. Era ZDI-CAN-20495.

03 May 2024, 02:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-03 02:15

Updated : 2024-11-21 08:02

NVD link : CVE-2023-32171

Mitre link : CVE-2023-32171

CVE.ORG link : CVE-2023-32171

JSON object : View

Products Affected

No product.

CWE
CWE-476

NULL Pointer Dereference


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024