Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-32787

The OPC UA Legacy Java Stack before 6f176f2 enables an attacker to block OPC UA server applications via uncontrolled resource consumption so that they can no longer serve client applications.

Published

2023-05-15T15:15:12.823

Last Modified

2024-11-21T08:04:01.600

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Primary
CWE-400

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	opcfoundation	ua_java_legacy	< 2023-04-28	Yes
Application	prosysopc	ua_historian	< 1.2.0	Yes
Application	prosysopc	ua_modbus_server	< 1.4.20	Yes
Application	prosysopc	ua_simulation_server	< 5.4.2	Yes

References

https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2023-32787.pdf Patch, Vendor Advisory ([email protected])
https://github.com/OPCFoundation/UA-Java-Legacy Product ([email protected])
https://github.com/OPCFoundation/UA-Java-Legacy/commit/6f176f2b445a27c157f1a32f225accc9ce8873c0 Patch ([email protected])
https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2023-32787.pdf Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/OPCFoundation/UA-Java-Legacy Product (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/OPCFoundation/UA-Java-Legacy/commit/6f176f2b445a27c157f1a32f225accc9ce8873c0 Patch (af854a3a-2127-422b-91ae-364da2661108)