Integer Overflow Issue in Siemens OPC UA Implementations
CVE-2023-28831

7.5HIGH

Key Information:

Vendor: Siemens
Status: Simatic Braumat; Simatic Cloud Connect 7 Cc712; Simatic Cloud Connect 7 Cc716; Simatic Comfort/mobile Rt
Vendor: CVE Published:; 12 September 2023

What is CVE-2023-28831?

The OPC UA implementations in Siemens products harbor an integer overflow vulnerability that can lead to an infinite loop during the certificate validation process. This condition could be exploited by an unauthenticated remote attacker utilizing a specially crafted certificate, resulting in a denial of service that impacts application availability and reliability.

Affected Version(s)

SIMATIC BRAUMAT 0

SIMATIC Cloud Connect 7 CC712 0

SIMATIC Cloud Connect 7 CC716 0

References

https://cert-portal.siemens.com/productcert/pdf/ssa-71130...

https://cert-portal.siemens.com/productcert/pdf/ssa-11885...

https://cert-portal.siemens.com/productcert/html/ssa-7113...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 12, 2023
Vulnerability Reserved
Mar 24, 2023