CVE-2023-27321 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-27321 PUBLISHED CVSS 7.5 HIGH

OPC Foundation UA .NET Standard ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20505.

EPSS 1.31% · 79.7th percentile

Risk Scores

CVSS v3.0

7.5

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

1.31%

79.7th percentile

Affected Products

Vendor	Product	Versions
opcfoundation	ua-.netstandard	0
OPC Foundation	UA .NET Standard	1.4.371.60
NuGet	OPCFoundation.NetStandard.Opc.Ua.Server	0
opcfoundation	unified_architecture_.net-standard	1.4.371.60

Timeline

May 5, 2023 CVE Published
May 8, 2024 EPSS Score
Jun 1, 2024 EPSS Score
Jun 25, 2024 EPSS Score
Jul 19, 2024 EPSS Score
Aug 11, 2024 EPSS Score
Sep 4, 2024 EPSS Score
Sep 28, 2024 EPSS Score
Oct 21, 2024 EPSS Score
Dec 8, 2024 EPSS Score
Jan 1, 2025 EPSS Score
Jan 24, 2025 EPSS Score

References

Open in Interactive Console →