Vulnerability Description
Unified Automation UaGateway AddServer XML Injection Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this vulnerability when the product is in its default configuration. The specific flaw exists within the implementation of the AddServer method. By specifying crafted arguments, an attacker can cause invalid characters to be inserted into an XML configuration file. An attacker can leverage this vulnerability to create a persistent denial-of-service condition on the system. . Was ZDI-CAN-20576.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Unified-Automation | Uagateway | < 1.5.14.495 |
Related Weaknesses (CWE)
References
- https://documentation.unified-automation.com/uagateway/1.5.14/CHANGELOG.txtRelease Notes
- https://www.zerodayinitiative.com/advisories/ZDI-23-779/Third Party Advisory
- https://documentation.unified-automation.com/uagateway/1.5.14/CHANGELOG.txtRelease Notes
- https://www.zerodayinitiative.com/advisories/ZDI-23-779/Third Party Advisory
FAQ
What is CVE-2023-32173?
CVE-2023-32173 is a vulnerability with a CVSS score of 5.8 (MEDIUM). Unified Automation UaGateway AddServer XML Injection Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Un...
How severe is CVE-2023-32173?
CVE-2023-32173 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-32173?
Check the references section above for vendor advisories and patch information. Affected products include: Unified-Automation Uagateway.