PT-2023-7448 · Opc Foundation · Opc Foundation Ua .Net Standard
Noam Moshe
+3
·
Published
2023-05-03
·
Updated
2024-05-08
·
CVE-2023-27321
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
OPC Foundation UA .NET Standard (affected versions not specified)
Description
This issue allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard. The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server, leveraging this to create a denial-of-service condition. Authentication is not required to exploit this issue.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Resource Exhaustion
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Opc Foundation Ua .Net Standard