Vulnerability Description
Unified Automation UaGateway OPC UA Server Improper Input Validation Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. User interaction is required to exploit this vulnerability in that the target must choose to accept a client certificate. The specific flaw exists within the processing of client certificates. The issue results from the lack of proper validation of certificate data. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20494.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Unified-Automation | Uagateway | < 1.5.13.487 |
Related Weaknesses (CWE)
References
- https://documentation.unified-automation.com/uagateway/1.5.14/CHANGELOG.txtRelease Notes
- https://www.zerodayinitiative.com/advisories/ZDI-23-775/Third Party Advisory
- https://documentation.unified-automation.com/uagateway/1.5.14/CHANGELOG.txtRelease Notes
- https://www.zerodayinitiative.com/advisories/ZDI-23-775/Third Party Advisory
FAQ
What is CVE-2023-32170?
CVE-2023-32170 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Unified Automation UaGateway OPC UA Server Improper Input Validation Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected ins...
How severe is CVE-2023-32170?
CVE-2023-32170 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-32170?
Check the references section above for vendor advisories and patch information. Affected products include: Unified-Automation Uagateway.