CVE-2023-41151
Published 2023-12-14
Priority P433 · high · 7.5 · CVSS 3.1
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.70% (48.5th percentile)
An uncaught exception issue discovered in Softing OPC UA C++ SDK before 6.30 for the Windows operating system may cause the application to crash when the server wants to send an error packet while the socket is blocked on writing.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| softing | opc | <= 5.30 | — |
| softing | opc_ua_c_+_+_software_development_kit | <= 6.20.1 | — |
| softing | secure_integration_server | <= 1.22 | — |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
CWE-248: Uncaught Exception
mitre_cwe · [HIGH] · CVSS 7.5
An exception is thrown from a function, but it is not caught.
When an exception is not caught, it may cause the program to crash or expose sensitive information.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Availability, Confidentiality. Impact: DoS: Crash, Exit, or Restart, Read Application Data. An uncaught exception could cause the system to be placed in a state that could lead to a crash, exposure of sensitive information or other unintended behaviors.
Detection Methods:
Automated Static Analysis: Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this
CWE-755: Improper Handling of Exceptional Conditions
mitre_cwe · [HIGH] · CVSS 7.5
The product does not handle or incorrectly handles an exceptional condition.
Modes of Introduction:
Phase: Implementation
Note: REALIZATION: This weakness is caused during implementation of an architectural security tactic.
Common Consequences:
Scope: Other. Impact: Other.
Detection Methods:
Automated Static Analysis: Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the d