VDB

CVE-2023-27321

CVE-2023-27321 PUBLISHED CVSS 7.5 HIGH

OPC Foundation UA .NET Standard ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20505.

EPSS 3.27% · 87.4th percentile

Risk Scores

CVSS 3.0
7.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
3.27%
87.4th percentile

Affected Products

VendorProductVersions
opcfoundationua-.netstandard0
OPC FoundationUA .NET Standard1.4.371.60
NuGetOPCFoundation.NetStandard.Opc.Ua.Server0
opcfoundationunified_architecture_.net-standard1.4.371.60

Timeline

  • May 5, 2023 CVE Published
  • May 8, 2024 EPSS Score
  • Jun 1, 2024 EPSS Score
  • Jun 26, 2024 EPSS Score
  • Jul 21, 2024 EPSS Score
  • Aug 14, 2024 EPSS Score
  • Oct 1, 2024 EPSS Score
  • Oct 25, 2024 EPSS Score
  • Nov 18, 2024 EPSS Score
  • Dec 14, 2024 EPSS Score
  • Jan 7, 2025 EPSS Score
  • Jan 31, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›