CVE-2023-41185 Vulnerability Details

  /     /     /  

CVE-2023-41185 Metadata Quick Info

CVE Published: 03/05/2024 | CVE Updated: 02/08/2024 | CVE Year: 2023
Source: zdi | Vendor: Unified Automation | Product: UaGateway
Status : PUBLISHED

---

CVE-2023-41185 Description

Unified Automation UaGateway Certificate Parsing Integer Overflow Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of client certificates. When parsing the certificate length field, the process does not properly validate user-supplied data, which can result in an integer overflow. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20353.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-190
CWE Name: CWE-190: Integer Overflow or Wraparound
Source: Unified Automation

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).