CVE-2023-3825
CVSS V2 None
CVSS V3 None
Description
PTC’s KEPServerEX Versions 6.0 to 6.14.263 are vulnerable to being made to read a recursively defined object that leads to uncontrolled resource consumption. KEPServerEX uses OPC UA, a protocol which defines various object types that can be nested to create complex arrays. It does not implement a check to see if such an object is recursively defined, so an attack could send a maliciously created message that the decoder would try to decode until the stack overflowed and the device crashed.
Overview
- CVE ID
- CVE-2023-3825
- Assigner
- icscert
- Vulnerability Status
- PUBLISHED
- Published Version
- 2023-07-31T22:53:56.568Z
- Last Modified Date
- 2023-07-31T22:53:56.568Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-02 | government-resource |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-3825 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3825 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-24 21:25:53 | Added to TrackCVE |