cve-2023-7234
Vulnerability from cvelistv5
Published
2024-01-16 18:11
Modified
2024-08-02 08:57
Severity ?
EPSS score ?
Summary
Integration Objects OPC UA Server Toolkit Improper Output Neutralization for Logs
References
▼ | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://integrationobjects.com//ask-a-question/ | Not Applicable | |
ics-cert@hq.dhs.gov | https://www.cisa.gov/news-events/ics-advisories/icsa-24-016-02 | Third Party Advisory, US Government Resource |
Impacted products
▼ | Vendor | Product |
---|---|---|
Integration Objects | OPC UA Server Toolkit |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:57:35.511Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-016-02" }, { "tags": [ "x_transferred" ], "url": "https://integrationobjects.com//ask-a-question/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "OPC UA Server Toolkit", "vendor": "Integration Objects", "versions": [ { "status": "affected", "version": "all versions" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Sam Hanson of Dragos reported this vulnerability to CISA." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOPCUAServerToolkit will write a log message once an OPC UA client has successfully connected containing the client\u0027s self-defined description field.\u003c/span\u003e\n\n" } ], "value": "\nOPCUAServerToolkit will write a log message once an OPC UA client has successfully connected containing the client\u0027s self-defined description field.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-117", "description": "CWE-117 ", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-16T18:11:50.146Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-016-02" }, { "url": "https://integrationobjects.com//ask-a-question/" } ], "source": { "discovery": "EXTERNAL" }, "title": "Integration Objects OPC UA Server Toolkit Improper Output Neutralization for Logs", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIntegration Objects has not responded to requests to work with CISA to mitigate these vulnerabilities. Developers using affected versions of OPC UA Server Toolkit are invited to contact \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://integrationobjects.com//ask-a-question/\"\u003eIntegration Objects for additional information.\u003c/a\u003e\n\n\u003cbr\u003e" } ], "value": "\nIntegration Objects has not responded to requests to work with CISA to mitigate these vulnerabilities. Developers using affected versions of OPC UA Server Toolkit are invited to contact Integration Objects for additional information. https://integrationobjects.com//ask-a-question/ \n\n\n" } ], "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2023-7234", "datePublished": "2024-01-16T18:11:50.146Z", "dateReserved": "2024-01-15T22:26:10.572Z", "dateUpdated": "2024-08-02T08:57:35.511Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2023-7234\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2024-01-16T19:15:08.460\",\"lastModified\":\"2024-01-24T16:47:18.570\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"\\nOPCUAServerToolkit will write a log message once an OPC UA client has successfully connected containing the client\u0027s self-defined description field.\\n\\n\"},{\"lang\":\"es\",\"value\":\"OPCUAServerToolkit escribir\u00e1 un mensaje de registro una vez que un cliente OPC UA se haya conectado exitosamente y contenga el campo de descripci\u00f3n autodefinido del cliente.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-116\"}]},{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-117\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:integrationobjects:opc_ua_server_toolkit:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CEAB3AE-131B-44BE-A38E-F766EFE239BE\"}]}]}],\"references\":[{\"url\":\"https://integrationobjects.com//ask-a-question/\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Not Applicable\"]},{\"url\":\"https://www.cisa.gov/news-events/ics-advisories/icsa-24-016-02\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}" } }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.