CVE-2023-27321
Severity:
HIGH
Type:
CWE-400
Uncontrolled Resource Consumption ('Resource Exhaustion')
Publication date:
07/05/2024
Last modified:
08/05/2024
Description
OPC Foundation UA .NET Standard ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard. Authentication is not required to exploit this vulnerability.<br />
<br />
The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20505.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH