Lucene search

Claroty Research - Team82 - Uri Katz, Noam Moshe, Vera Mens, Sharon BrizinovZDI-23-1054

HistoryAug 09, 2023 - 12:00 a.m.

(Pwn2Own) Softing edgeConnector Siemens ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability

2023-08-0900:00:00

Claroty Research - Team82 - Uri Katz, Noam Moshe, Vera Mens, Sharon Brizinov

www.zerodayinitiative.com

pwn2own

softing

siemens

denial-of-service

vulnerability

conditionrefresh

resource exhaustion

opc ua

EPSS

0.001

Percentile

16.2%

JSON

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing edgeConnector Siemens. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.

References

industrial.softing.com/fileadmin/psirt/downloads/syt-2023-1.html

EPSS

0.001

Percentile

16.2%

JSON

Related for ZDI-23-1054