CVE-2023-28831

CWE-190Integer Overflow3 documents3 sources
Severity
8.7HIGH
EPSS
0.6%
top 29.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
175
Siemens Simatic BraumatSiemens Simatic Cloud Connect 7 Cc712Siemens Simatic Cloud Connect 7 Cc716+172 more
Timeline
PublishedSep 12
Latest updateSep 20

Description

The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate validation. This could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages175 packages

CVEListV5siemens/sinumerik_mc< V1.22
CVEListV5siemens/sinumerik_one< V6.22
CVEListV5siemens/simatic_sistar< V8.1 SP1
CVEListV5siemens/simatic_braumat< V8.1 SP1
CVEListV5siemens/simatic_pcs_7_v9.1< V9.1 SP2 UC08

🔴Vulnerability Details

2
GHSA
GHSA-p7vc-4gr6-g2px: The ANSI C OPC UA SDK contains an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate vali2023-09-20
CVEList
CVE-2023-28831: The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run int2023-09-12
CVE-2023-28831 (HIGH CVSS 8.7) | The OPC UA implementations (ANSI C | cvebase.io