CVE-2023-28831: The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run...

7.5 CVSS

Description

The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate validation.

This could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate.

Classification

CVE ID: CVE-2023-28831

CVSS Base Severity: HIGH

CVSS Base Score: 7.5

Affected Products

Vendor: Siemens

Product: SIMATIC BRAUMAT

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 24.15% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-03 (date this score was calculated)

References

https://cert-portal.siemens.com/productcert/pdf/ssa-711309.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-118850.pdf
https://cert-portal.siemens.com/productcert/html/ssa-711309.html
https://cert-portal.siemens.com/productcert/html/ssa-118850.html

Timeline