CVE-2023-27321

CWE-400 — Uncontrolled Resource Consumption4 documents4 sources

Severity

7.5HIGH

EPSS

1.3%

top 20.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Simatic Energy Manager Basic Siemens Simatic Energy Manager PRO Siemens Simatic IPC Diagbase +5 more

Timeline

PublishedMay 7

Description

OPC Foundation UA .NET Standard ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An att…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages9 packages

▶NuGetOPCFoundation.NetStandard.Opc.Ua.Server< 1.4.371.86

▶NVDopcfoundation/ua-.netstandard< 1.4.371.86

▶CVEListV5opc_foundation/ua_.net_standard1.4.371.60

▶CVEListV5siemens/simit_v10< *

▶CVEListV5siemens/simit_v11< V11.1

🔴Vulnerability Details

CVEList

OPC Foundation UA .NET Standard ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability↗2024-05-07

▶

OSV

Uncontrolled Resource Consumption in OPC UA .NET Standard Reference Server↗2023-05-05

▶

GHSA

Uncontrolled Resource Consumption in OPC UA .NET Standard Reference Server↗2023-05-05

▶