CVE-2020-27274

HIGH

Honeywell OPC UA Tunneller < 6.3.0.8233 - Denial of Service via Unchecked Malloc Return Value

Title source: llm
STIX 2.1

Description

Some parsing functions in the affected product do not check the return value of malloc and the thread handling the message is forced to close, which may lead to a denial-of-service condition on the OPC UA Tunneller (versions prior to 6.3.0.8233).

References (1)

Core 1
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://us-cert.cisa.gov/ics/advisories/icsa-21-021-03

Scores

CVSS v3 7.5
EPSS 0.0115
EPSS Percentile 62.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-754
Status published
Products (1)
honeywell/opc_ua_tunneller < 6.3.0.8233
Published Jan 26, 2021
Tracked Since Feb 18, 2026