Home > Vulnerability Database > CVE-2023-27321

Mend.io Vulnerability Database

CVE-2023-27321

Good to know:

Date: May 7, 2024

OPC Foundation UA .NET Standard ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20505.

Language: C#

Severity Score

7.5

Related Resources (7)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-27321

Url: https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2023-27321.pdf

Url: https://github.com/OPCFoundation/UA-.NETStandard/security/advisories/GHSA-vpf7-r2fv-75m9

Url: https://github.com/OPCFoundation/UA-.NETStandard

Url: https://www.zerodayinitiative.com/advisories/ZDI-23-548

Url: https://www.zerodayinitiative.com/advisories/ZDI-23-548/

Url: https://www.mend.io/vulnerability-database/CVE-2023-27321

Severity Score

7.5

Weakness Type (CWE)

Uncontrolled Resource Consumption ('Resource Exhaustion')

CWE-400

Top Fix

Upgrade Version

Upgrade to version OPCFoundation.NetStandard.Opc.Ua.Server - 1.4.371.86

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-27321

Good to know:

Date: May 7, 2024

Language: C#

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?