CVE-2023-32787

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

T

he OPC UA Legacy Java Stack before 6f176f2 enables an attacker to block OPC UA server applications via uncontrolled resource consumption so that they can no longer serve client applications.

References

Link	Resource
https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2023-32787.pdf	Patch Vendor Advisory
https://github.com/OPCFoundation/UA-Java-Legacy	Product
https://github.com/OPCFoundation/UA-Java-Legacy/commit/6f176f2b445a27c157f1a32f225accc9ce8873c0	Patch
https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2023-32787.pdf	Patch Vendor Advisory
https://github.com/OPCFoundation/UA-Java-Legacy	Product
https://github.com/OPCFoundation/UA-Java-Legacy/commit/6f176f2b445a27c157f1a32f225accc9ce8873c0	Patch

Configurations

Configuration 1 (hide)

cpe:2.3:a:opcfoundation:ua_java_legacy:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:prosysopc:ua_historian::::::::
	cpe:2.3:a:prosysopc:ua_modbus_server::::::::
	cpe:2.3:a:prosysopc:ua_simulation_server::::::::

History

21 Nov 2024, 08:04

Type	Values Removed	Values Added
References	~~() https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2023-32787.pdf - Patch, Vendor Advisory~~	() https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2023-32787.pdf - Patch, Vendor Advisory
References	~~() https://github.com/OPCFoundation/UA-Java-Legacy - Product~~	() https://github.com/OPCFoundation/UA-Java-Legacy - Product
References	~~() https://github.com/OPCFoundation/UA-Java-Legacy/commit/6f176f2b445a27c157f1a32f225accc9ce8873c0 - Patch~~	() https://github.com/OPCFoundation/UA-Java-Legacy/commit/6f176f2b445a27c157f1a32f225accc9ce8873c0 - Patch

Information

Published : 2023-05-15 15:15

Updated : 2024-11-21 08:04

NVD link : CVE-2023-32787

Mitre link : CVE-2023-32787

CVE.ORG link : CVE-2023-32787

JSON object : View

Products Affected

opcfoundation

ua_java_legacy

CWE

CWE-400

Uncontrolled Resource Consumption

{"id": "CVE-2023-32787", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-05-15T15:15:12.823", "references": [{"url": "https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2023-32787.pdf", "tags": ["Patch", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://github.com/OPCFoundation/UA-Java-Legacy", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://github.com/OPCFoundation/UA-Java-Legacy/commit/6f176f2b445a27c157f1a32f225accc9ce8873c0", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2023-32787.pdf", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/OPCFoundation/UA-Java-Legacy", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/OPCFoundation/UA-Java-Legacy/commit/6f176f2b445a27c157f1a32f225accc9ce8873c0", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "The OPC UA Legacy Java Stack before 6f176f2 enables an attacker to block OPC UA server applications via uncontrolled resource consumption so that they can no longer serve client applications."}, {"lang": "es", "value": "El OPC UA Legacy Java Stack anterior a 6f176f2 permite a un atacante bloquear aplicaciones del servidor OPC UA mediante el consumo incontrolado de recursos para que ya no puedan servir aplicaciones cliente."}], "lastModified": "2024-11-21T08:04:01.600", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:opcfoundation:ua_java_legacy:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A87006B3-496C-4A85-A1BE-4F2B18C5438C", "versionEndExcluding": "2023-04-28"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:prosysopc:ua_historian:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3E3C310-1CED-4775-BFEB-3D412C661071", "versionEndExcluding": "1.2.0"}, {"criteria": "cpe:2.3:a:prosysopc:ua_modbus_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DBD45F09-929C-4DFC-844D-3AC4E00F4F66", "versionEndExcluding": "1.4.20"}, {"criteria": "cpe:2.3:a:prosysopc:ua_simulation_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "826DA345-2A40-4A72-830C-6196C1BE631C", "versionEndExcluding": "5.4.2"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}