All the vulnerabilites related to Integration Objects - OPC UA Server Toolkit
cve-2023-7234
Vulnerability from cvelistv5
Published
2024-01-16 18:11
Modified
2024-08-02 08:57
Severity ?
EPSS score ?
Summary
Integration Objects OPC UA Server Toolkit Improper Output Neutralization for Logs
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Integration Objects | OPC UA Server Toolkit |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:57:35.511Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-016-02"
},
{
"tags": [
"x_transferred"
],
"url": "https://integrationobjects.com//ask-a-question/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OPC UA Server Toolkit",
"vendor": "Integration Objects",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sam Hanson of Dragos reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOPCUAServerToolkit will write a log message once an OPC UA client has successfully connected containing the client\u0027s self-defined description field.\u003c/span\u003e\n\n"
}
],
"value": "\nOPCUAServerToolkit will write a log message once an OPC UA client has successfully connected containing the client\u0027s self-defined description field.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-117",
"description": "CWE-117 ",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-16T18:11:50.146Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-016-02"
},
{
"url": "https://integrationobjects.com//ask-a-question/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Integration Objects OPC UA Server Toolkit Improper Output Neutralization for Logs",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIntegration Objects has not responded to requests to work with CISA to mitigate these vulnerabilities. Developers using affected versions of OPC UA Server Toolkit are invited to contact \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://integrationobjects.com//ask-a-question/\"\u003eIntegration Objects for additional information.\u003c/a\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nIntegration Objects has not responded to requests to work with CISA to mitigate these vulnerabilities. Developers using affected versions of OPC UA Server Toolkit are invited to contact Integration Objects for additional information. https://integrationobjects.com//ask-a-question/ \n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-7234",
"datePublished": "2024-01-16T18:11:50.146Z",
"dateReserved": "2024-01-15T22:26:10.572Z",
"dateUpdated": "2024-08-02T08:57:35.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}