Lucene search

GitHub Advisory DatabaseGHSA-VPF7-R2FV-75M9

HistoryMay 05, 2023 - 2:19 a.m.

Uncontrolled Resource Consumption in OPC UA .NET Standard Reference Server

2023-05-0502:19:39

CWE-400

GitHub Advisory Database

github.com

opc ua

.net

reference server

vulnerability

remote attackers

server memory

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0005 Low

EPSS

Percentile

16.2%

JSON

This security update resolves a vulnerability in the OPC UA .NET Standard Reference Server that allows
remote attackers to send malicious requests that consume all memory available to the server.

https://files.opcfoundation.org/SecurityBulletins/OPC Foundation Security Bulletin CVE-2023-27321.pdf

Affected configurations

Vulners

Node

opcfoundation.netstandard.opc.ua.serverRange<1.4.371.86

CPENameOperatorVersion
opcfoundation.netstandard.opc.ua.serverlt1.4.371.86

CPE	Name	Operator	Version
	opcfoundation.netstandard.opc.ua.server	lt	1.4.371.86

References

files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2023-27321.pdf

github.com/advisories/GHSA-vpf7-r2fv-75m9

github.com/OPCFoundation/UA-.NETStandard/security/advisories/GHSA-vpf7-r2fv-75m9

nvd.nist.gov/vuln/detail/CVE-2023-27321

www.zerodayinitiative.com/advisories/ZDI-23-548

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0005 Low

EPSS

Percentile

16.2%

JSON

Related for GHSA-VPF7-R2FV-75M9