Lucene search

IcscertCVELIST:CVE-2023-7234

HistoryJan 16, 2024 - 6:11 p.m.

CVE-2023-7234 Integration Objects OPC UA Server Toolkit Improper Output Neutralization for Logs

2024-01-1618:11:50

CWE-117

icscert

www.cve.org

cve-2023-7234

integration objects

opc ua server toolkit

improper output neutralization

logs

vulnerability

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

17.0%

JSON

OPCUAServerToolkit will write a log message once an OPC UA client has successfully connected containing the client’s self-defined description field.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "OPC UA Server Toolkit",
    "vendor": "Integration Objects",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  }
]

References

integrationobjects.com//ask-a-question/

www.cisa.gov/news-events/ics-advisories/icsa-24-016-02

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

17.0%

JSON

Related for CVELIST:CVE-2023-7234