Unified-Automation Uagateway vulnerabilities
6 known vulnerabilities affecting unified-automation/uagateway.
Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM4
Vulnerabilities
Page 1 of 1
CVE-2023-32174P2CRITICALCVSS 9.1fixed in 1.5.14.4952024-05-03
CVE-2023-32174 [CRITICAL] CWE-416 CVE-2023-32174: Unified Automation UaGateway NodeManagerOpcUa Use-After-Free Remote Code Execution Vulnerability. Th
Unified Automation UaGateway NodeManagerOpcUa Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unified Automation UaGateway. Authentication is required to exploit this vulnerability when the product is in its default configuration.
The specific fl
nvd
CVE-2023-41185P3HIGHCVSS 7.5fixed in 1.5.13.4872024-05-03
CVE-2023-41185 [HIGH] CWE-190 CVE-2023-41185: Unified Automation UaGateway Certificate Parsing Integer Overflow Denial-of-Service Vulnerability. T
Unified Automation UaGateway Certificate Parsing Integer Overflow Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the processing of
nvd
CVE-2023-32172P3MEDIUMCVSS 6.5fixed in 1.5.13.4872024-05-03
CVE-2023-32172 [MEDIUM] CWE-416 CVE-2023-32172: Unified Automation UaGateway OPC UA Server Use-After-Free Denial-of-Service Vulnerability. This vuln
Unified Automation UaGateway OPC UA Server Use-After-Free Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this vulnerability.
The specific flaw exists within the implementation of the I
nvd
CVE-2023-32171P3MEDIUMCVSS 6.5fixed in 1.5.13.4872024-05-03
CVE-2023-32171 [MEDIUM] CWE-476 CVE-2023-32171: Unified Automation UaGateway OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability.
Unified Automation UaGateway OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this vulnerability.
The specific flaw exists within the ImportCsv met
nvd
CVE-2023-32170P4MEDIUMCVSS 6.5fixed in 1.5.13.4872024-05-03
CVE-2023-32170 [MEDIUM] CWE-20 CVE-2023-32170: Unified Automation UaGateway OPC UA Server Improper Input Validation Denial-of-Service Vulnerability
Unified Automation UaGateway OPC UA Server Improper Input Validation Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. User interaction is required to exploit this vulnerability in that the target must choose to accept a client
nvd
CVE-2023-32173P4MEDIUMCVSS 5.8fixed in 1.5.14.4952024-05-03
CVE-2023-32173 [MEDIUM] CWE-91 CVE-2023-32173: Unified Automation UaGateway AddServer XML Injection Denial-of-Service Vulnerability. This vulnerabi
Unified Automation UaGateway AddServer XML Injection Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this vulnerability when the product is in its default configuration.
The specific fla
nvd