CVE-2023-40709
Uncontrolled Resource Consumption in OPTO 22 SNAP PAC S1 Built-In Web Server
In short
An attacker can crash the OPTO 22 SNAP PAC S1 device by flooding it with many ICMP ping requests if the built-in web server is enabled but not fully configured. This denial of service can take down critical industrial control systems.
Technical detail
The vulnerability is triggered by excessive ICMP traffic (a ping flood) directed at a SNAP PAC S1 controller running firmware R10.3b whose built-in web server is enabled but not completely configured. Because the device does not rate-limit this traffic, the flood exhausts system resources and the controller crashes. Successful exploitation requires network-level access to send ICMP packets to the target device.
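Since the advisory states that the controller itself does not rate-limit ICMP traffic, the practical compensating control is to detect or throttle the flood upstream (firewall, switch ACL, or log monitoring) before it reaches the PLC. The script below is an added example, not code from the advisory or from Opto 22: it runs a sliding-window echo-request counter over firewall log lines. The log format, field names, addresses, the 100-requests-per-10-seconds threshold and the sample lines are all constructed for illustration; adapt the regex to your own export format.

```python
"""Sliding-window ICMP echo-request rate monitor over firewall log lines.

Added example for CVE-2023-40709; not part of the advisory or any
Opto 22 product. Assumes a constructed syslog-style export:
    <ISO timestamp> proto=icmp type=<icmp type> src=<ip> dst=<ip>
where type 8 is an echo request. All addresses, thresholds and
sample lines below are constructed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format: one line per packet, ISO timestamp first.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})\s+proto=(?P<proto>\w+)"
    r"\s+type=(?P<type>\d+)\s+src=(?P<src>[\d.]+)\s+dst=(?P<dst>[\d.]+)$"
)


def parse_line(line):
    """Parse one log line; return a dict or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m.group("ts")),
        "proto": m.group("proto").lower(),
        "type": int(m.group("type")),
        "src": m.group("src"),
        "dst": m.group("dst"),
    }


def detect_icmp_floods(lines, threshold=100, window_seconds=10):
    """Return {(src, dst): peak_count} for pairs whose echo-request count
    within any window_seconds window reached threshold.

    Only ICMP type 8 (echo request) is counted; replies and other
    protocols are ignored. Lines are sorted by timestamp first so that
    an unordered export still yields a correct window."""
    records = [r for r in map(parse_line, lines) if r is not None]
    records = [r for r in records if r["proto"] == "icmp" and r["type"] == 8]
    records.sort(key=lambda r: r["ts"])

    windows = defaultdict(deque)  # (src, dst) -> timestamps inside the window
    peaks = {}
    for rec in records:
        key = (rec["src"], rec["dst"])
        q = windows[key]
        q.append(rec["ts"])
        # Drop timestamps that fell out of the trailing window.
        while (rec["ts"] - q[0]) > timedelta(seconds=window_seconds):
            q.popleft()
        if len(q) >= threshold:
            peaks[key] = max(peaks.get(key, 0), len(q))
    return peaks


def build_sample_log():
    """Constructed sample: one flooding host and one benign monitoring host
    both pinging a controller at 192.168.1.50 (constructed address)."""
    base = datetime(2023, 9, 1, 12, 0, 0)
    fmt = "%Y-%m-%dT%H:%M:%S"
    lines = []
    # 150 echo requests from 10.0.0.99 spread over about five seconds.
    for i in range(150):
        ts = (base + timedelta(milliseconds=33 * i)).strftime(fmt)
        lines.append(f"{ts} proto=icmp type=8 src=10.0.0.99 dst=192.168.1.50")
    # Benign: a monitoring host pinging once every two seconds.
    for i in range(5):
        ts = (base + timedelta(seconds=2 * i)).strftime(fmt)
        lines.append(f"{ts} proto=icmp type=8 src=10.0.0.5 dst=192.168.1.50")
        # Echo replies from the controller must not be counted.
        lines.append(f"{ts} proto=icmp type=0 src=192.168.1.50 dst=10.0.0.5")
    lines.append("this line is malformed and should be skipped")
    return lines


if __name__ == "__main__":
    for (src, dst), peak in detect_icmp_floods(build_sample_log()).items():
        print(f"ALERT possible ICMP flood {src} -> {dst}: {peak} echo requests in window")
```

A real deployment would feed the firewall's export for the OT segment into the same function and raise the alert into the SOC queue; the threshold should be set from the baseline of legitimate monitoring pings observed on that segment.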
Summary generated and translated by AI from the official description.
An adversary could crash the entire device by sending a large quantity of ICMP requests if the controller has the built-in web server enabled but does not have the built-in web server completely set up and configured for the SNAP PAC S1 Firmware version R10.3b.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
Affected products
OPTO 22 · SNAP PAC S1