Vulnerability Description
The OPC UA Legacy Java Stack before 6f176f2 enables an attacker to block OPC UA server applications via uncontrolled resource consumption so that they can no longer serve client applications.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Opcfoundation | Ua Java Legacy | < 2023-04-28 |
| Prosysopc | Ua Historian | < 1.2.0 |
| Prosysopc | Ua Modbus Server | < 1.4.20 |
| Prosysopc | Ua Simulation Server | < 5.4.2 |
Related Weaknesses (CWE)
References
- https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20PatchVendor Advisory
- https://github.com/OPCFoundation/UA-Java-LegacyProduct
- https://github.com/OPCFoundation/UA-Java-Legacy/commit/6f176f2b445a27c157f1a32f2Patch
- https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20PatchVendor Advisory
- https://github.com/OPCFoundation/UA-Java-LegacyProduct
- https://github.com/OPCFoundation/UA-Java-Legacy/commit/6f176f2b445a27c157f1a32f2Patch
FAQ
What is CVE-2023-32787?
CVE-2023-32787 is a vulnerability with a CVSS score of 7.5 (HIGH). The OPC UA Legacy Java Stack before 6f176f2 enables an attacker to block OPC UA server applications via uncontrolled resource consumption so that they can no longer serve client applications.
How severe is CVE-2023-32787?
CVE-2023-32787 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-32787?
Check the references section above for vendor advisories and patch information. Affected products include: Opcfoundation Ua Java Legacy, Prosysopc Ua Historian, Prosysopc Ua Modbus Server, Prosysopc Ua Simulation Server.