Vulnerability Details : CVE-2023-32787
The OPC UA Legacy Java Stack before 6f176f2 enables an attacker to block OPC UA server applications via uncontrolled resource consumption so that they can no longer serve client applications.
Products affected by CVE-2023-32787
- cpe:2.3:a:opcfoundation:ua_java_legacy:*:*:*:*:*:*:*:*
- cpe:2.3:a:prosysopc:ua_modbus_server:*:*:*:*:*:*:*:*
- cpe:2.3:a:prosysopc:ua_simulation_server:*:*:*:*:*:*:*:*
- cpe:2.3:a:prosysopc:ua_historian:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-32787
- 0.20%: probability of exploitation activity in the next 30 days
- ~57%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-32787
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2023-32787
- The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources. Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-32787
- https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2023-32787.pdf
  Patch; Vendor Advisory
- https://github.com/OPCFoundation/UA-Java-Legacy
  GitHub - OPCFoundation/UA-Java-Legacy: This repository is provided by OPC Foundation as legacy support for an Java version for OPC UA. (Product)
- https://github.com/OPCFoundation/UA-Java-Legacy/commit/6f176f2b445a27c157f1a32f225accc9ce8873c0
  Merge pull request #229 from OPCFoundation/224-maxconnectioncount-sho… · OPCFoundation/UA-Java-Legacy@6f176f2 · GitHub (Patch)