CVE-2023-32173

Unified Automation UaGateway AddServer XML Injection Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this vulnerability when the product is in its default configuration. The specific flaw exists within the implementation of the AddServer method. By specifying crafted arguments, an attacker can cause invalid characters to be inserted into an XML configuration file. An attacker can leverage this vulnerability to create a persistent denial-of-service condition on the system. . Was ZDI-CAN-20576.
Configurations

No configuration.

History

18 Sep 2024, 19:15

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad de denegación de servicio de inyección XML de Unified Automation UaGateway AddServer. Esta vulnerabilidad permite a atacantes remotos crear una condición de denegación de servicio en las instalaciones afectadas de Unified Automation UaGateway. Se requiere autenticación para aprovechar esta vulnerabilidad cuando el producto está en su configuración predeterminada. La falla específica existe en la implementación del método AddServer. Al especificar argumentos manipulados, un atacante puede provocar que se inserten caracteres no válidos en un archivo de configuración XML. Un atacante puede aprovechar esta vulnerabilidad para crear una condición de denegación de servicio persistente en el sistema. Era ZDI-CAN-20576.
Summary (en) Unified Automation UaGateway AddServer XML Injection Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this vulnerability when the product is in its default configuration. The specific flaw exists within the implementation of the AddServer method. By specifying crafted arguments, an attacker can cause invalid characters to be inserted into an XML configuration file. An attacker can leverage this vulnerability to create a persistent denial-of-service condition on the system. . Was ZDI-CAN-20576. (en) Unified Automation UaGateway AddServer XML Injection Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this vulnerability when the product is in its default configuration. The specific flaw exists within the implementation of the AddServer method. By specifying crafted arguments, an attacker can cause invalid characters to be inserted into an XML configuration file. An attacker can leverage this vulnerability to create a persistent denial-of-service condition on the system. . Was ZDI-CAN-20576.

03 May 2024, 02:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-05-03 02:15

Updated : 2024-09-18 19:15


NVD link : CVE-2023-32173

Mitre link : CVE-2023-32173

CVE.ORG link : CVE-2023-32173


JSON object : View

Products Affected

No product.

CWE
CWE-91

XML Injection (aka Blind XPath Injection)