CVE-2023-32787

HIGH

OPC UA Legacy Java Stack < 2023-04-28 - Denial of Service via Uncontrolled Resource Consumption

Title source: llm

Description

The OPC UA Legacy Java Stack before 6f176f2 enables an attacker to block OPC UA server applications via uncontrolled resource consumption so that they can no longer serve client applications.

References (3)

Core 3

Core References

Patch, Vendor Advisory

https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2023-32787.pdf

Product

https://github.com/OPCFoundation/UA-Java-Legacy

Patch

https://github.com/OPCFoundation/UA-Java-Legacy/commit/6f176f2b445a27c157f1a32f225accc9ce8873c0

Scores

CVSS v3 7.5

EPSS 0.0117

EPSS Percentile 63.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-400

Status published

Products (4)

opcfoundation/ua_java_legacy < 2023-04-28

prosysopc/ua_historian < 1.2.0

prosysopc/ua_modbus_server < 1.4.20

prosysopc/ua_simulation_server < 5.4.2

Published May 15, 2023

Tracked Since Feb 18, 2026