Denial-of-Service Vulnerability in OPC UA Tunneller by Insys
CVE-2020-27274

7.5HIGH

Key Information:

Vendor: Honeywell
Status: Opc Ua Tunneller
Vendor: CVE Published:; 26 January 2021

What is CVE-2020-27274?

This vulnerability occurs in the OPC UA Tunneller due to inadequate checks on the return value of the malloc function within its parsing routines. As a consequence, if the allocation fails, the thread processing the message is not correctly managed, potentially leading to a denial-of-service condition. Affected versions prior to 6.3.0.8233 are particularly at risk, which can severely disrupt operational continuity.

Affected Version(s)

OPC UA Tunneller All versions prior to 6.3.0.8233

References

https://us-cert.cisa.gov/ics/advisories/icsa-21-021-03

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 26, 2021
Vulnerability Reserved
Oct 19, 2020

Honeywell

What is CVE-2020-27274?

Affected Version(s)

References

CVSS V3.1

Timeline