PT-2023-3424 · Unified Automation · Unified Automation Uagateway
0Vercl0K
+1
·
Published
2023-05-31
·
Updated
2025-08-08
·
CVE-2023-32171
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Unified Automation UaGateway (affected versions not specified)
Description
This issue allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this issue. The specific flaw exists within the
ImportCsv method, where a crafted XML payload can cause a null pointer dereference, allowing an attacker to leverage this issue to create a denial-of-service condition on the system.Recommendations
At the moment, there is no information about a newer version that contains a fix for this issue.
Fix
DoS
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Unified Automation Uagateway