CVE-2023-52891
In short
A vulnerability in OPC UA server software used by Siemens products can cause the server to become overloaded and unresponsive by consuming excessive memory, potentially disrupting industrial processes.
Technical detail
The vulnerability exists in Unified Automation .NET based OPC UA Server SDK versions before 3.2.2 integrated into multiple Siemens products. An attacker can send specially crafted requests to the OPC UA server, triggering high resource consumption and memory exhaustion, resulting in denial of service (DoS) of the affected server.
Summary generated and translated by AI from the official description.
A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.5), SIMATIC Energy Manager PRO (All versions < V7.5), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMIT V10 (All versions), SIMIT V11 (All versions < V11.1). Unified Automation .NET based OPC UA Server SDK before 3.2.2 used in Siemens products are affected by a similar vulnerability as documented in CVE-2023-27321 for the OPC Foundation UA .NET Standard implementation. A successful attack may lead to high load situation and memory exhaustion, and may block the server.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected products
Siemens · SIMATIC Energy Manager Basic
Siemens · SIMATIC Energy Manager PRO
Siemens · SIMATIC IPC DiagBase
Siemens · SIMATIC IPC DiagMonitor
Siemens · SIMIT V10
Siemens · SIMIT V11