Integer Overflow Issue in Siemens OPC UA Implementations
CVE-2023-28831

8.7HIGH

Key Information:

Vendor: Siemens
Status: Simatic Braumat; Simatic Cloud Connect 7 Cc712; Simatic Cloud Connect 7 Cc716; Simatic Comfort/mobile Rt
Vendor: CVE Published:; 12 September 2023

What is CVE-2023-28831?

The OPC UA implementations in Siemens products harbor an integer overflow vulnerability that can lead to an infinite loop during the certificate validation process. This condition could be exploited by an unauthenticated remote attacker utilizing a specially crafted certificate, resulting in a denial of service that impacts application availability and reliability.

Affected Version(s)

SIMATIC BRAUMAT 0

SIMATIC Cloud Connect 7 CC712 0

SIMATIC Cloud Connect 7 CC716 0

References

https://cert-portal.siemens.com/productcert/pdf/ssa-71130...

https://cert-portal.siemens.com/productcert/pdf/ssa-11885...

https://cert-portal.siemens.com/productcert/html/ssa-7113...

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 12, 2023
Vulnerability Reserved
Mar 24, 2023

JSON