CVE-2023-32173

CVSS v3.1

5.8

Medium

Vector

AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Unified Automation UaGateway (affected versions not specified)

Description This issue allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. The flaw exists within the implementation of the AddServer method, where specifying crafted arguments can cause invalid characters to be inserted into an XML configuration file, leading to a persistent denial-of-service condition. Authentication is required to exploit this vulnerability when the product is in its default configuration.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-91

Related Identifiers

CVE-2023-32173

ZDI-23-779

Affected Products

Uagateway

CVE-2023-32173

Weakness Enumeration

Related Identifiers

Affected Products

References · 6