Integer Overflow Issue in Siemens OPC UA Implementations
CVE-2023-28831

7.5HIGH

Key Information:

Vendor
Siemens
Status
Simatic Braumat
Simatic Cloud Connect 7 Cc712
Simatic Cloud Connect 7 Cc716
Simatic Comfort/mobile Rt
Vendor
CVE Published:
12 September 2023

Summary

The OPC UA implementations in Siemens products harbor an integer overflow vulnerability that can lead to an infinite loop during the certificate validation process. This condition could be exploited by an unauthenticated remote attacker utilizing a specially crafted certificate, resulting in a denial of service that impacts application availability and reliability.

Affected Version(s)

SIMATIC BRAUMAT 0

SIMATIC Cloud Connect 7 CC712 0

SIMATIC Cloud Connect 7 CC716 0

References

https://cert-portal.siemens.com/productcert/pdf/ssa-71130...
https://cert-portal.siemens.com/productcert/pdf/ssa-11885...
https://cert-portal.siemens.com/productcert/html/ssa-7113...

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.