PT-2023-3424 · Unified Automation · Unified Automation Uagateway

0Vercl0K

Publicado

2023-05-31

Atualizado

2025-08-08

CVE-2023-32171

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Unified Automation UaGateway (affected versions not specified)

Description This issue allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this issue. The specific flaw exists within the ImportCsv method, where a crafted XML payload can cause a null pointer dereference, allowing an attacker to leverage this issue to create a denial-of-service condition on the system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this issue.

Correção

DoS

NULL Pointer Dereference

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-476

Identificadores relacionados

BDU:2023-03602

CVE-2023-32171

ZDI-23-776

Produtos afetados

Unified Automation Uagateway

PT-2023-3424 · Unified Automation · Unified Automation Uagateway

CVE-2023-32171

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10