Lucene search

PRIOn knowledge basePRION:CVE-2023-41151

HistoryDec 14, 2023 - 7:15 p.m.

Code injection

2023-12-1419:15:00

PRIOn knowledge base

www.prio-n.com

code injection

softing opc ua

exception issue

application crash

error packet

windows operating system

socket blocked

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.1 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.0005 Low

EPSS

Percentile

16.8%

JSON

An uncaught exception issue discovered in Softing OPC UA C++ SDK before 6.30 for Windows operating system may cause the application to crash when the server wants to send an error packet, while socket is blocked on writing.

CPENameOperatorVersion
opcle5.30
opc_ua_c\\+\\+_software_development_kitle6.20.1
secure_integration_serverle1.22

Name	Operator	Version
opc	le	5.30
opc_ua_c\\+\\+_software_development_kit	le	6.20.1
secure_integration_server	le	1.22

References

industrial.softing.com/fileadmin/psirt/downloads/2023/syt-2023-3.html

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.1 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.0005 Low

EPSS

Percentile

16.8%

JSON

Related for PRION:CVE-2023-41151