CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
56.3%
The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate validation.
This could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate.
Vendor | Product | Version | CPE |
---|---|---|---|
siemens | simatic_cloud_connect_7_cc712 | - | cpe:2.3:h:siemens:simatic_cloud_connect_7_cc712:-:*:*:*:*:*:*:* |
siemens | simatic_cloud_connect_7_cc712_firmware | * | cpe:2.3:o:siemens:simatic_cloud_connect_7_cc712_firmware:*:*:*:*:*:*:*:* |
siemens | simatic_cloud_connect_7_cc716 | - | cpe:2.3:h:siemens:simatic_cloud_connect_7_cc716:-:*:*:*:*:*:*:* |
siemens | simatic_cloud_connect_7_cc716_firmware | * | cpe:2.3:o:siemens:simatic_cloud_connect_7_cc716_firmware:*:*:*:*:*:*:*:* |
siemens | simatic_drive_controller_cpu_1504d_tf | - | cpe:2.3:h:siemens:simatic_drive_controller_cpu_1504d_tf:-:*:*:*:*:*:*:* |
siemens | simatic_drive_controller_cpu_1504d_tf_firmware | * | cpe:2.3:o:siemens:simatic_drive_controller_cpu_1504d_tf_firmware:*:*:*:*:*:*:*:* |
siemens | simatic_drive_controller_cpu_1507d_tf | - | cpe:2.3:h:siemens:simatic_drive_controller_cpu_1507d_tf:-:*:*:*:*:*:*:* |
siemens | simatic_drive_controller_cpu_1507d_tf_firmware | * | cpe:2.3:o:siemens:simatic_drive_controller_cpu_1507d_tf_firmware:*:*:*:*:*:*:*:* |
siemens | simatic_et_200sp_open_controller_cpu_firmware | * | cpe:2.3:o:siemens:simatic_et_200sp_open_controller_cpu_firmware:*:*:*:*:*:*:*:* |
siemens | simatic_et_200sp_open_controller_cpu | - | cpe:2.3:h:siemens:simatic_et_200sp_open_controller_cpu:-:*:*:*:*:*:*:* |