Products with Unified Automation .NET based OPC UA Client/Server SDK Bundle: Versions V3.0.7 and prior (.NET 4.5, 4.0, and 3.5 Framework versions only) are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow.
Productos con el programa Unified Automation .NET based OPC UA Client/Server SDK Bundle: Versiones V3.0.7 y anteriores (solo versiones de .NET 4.5, 4.0 y 3.5 Framework) son vulnerables a una recursividad no controlada, que puede permitir a un atacante desencadenar un desbordamiento de pila
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | NONE |
| Availability Impact | NONE |
AV:N/AC:L/Au:N/C:P/I:N/A:N
| Access Vector | NETWORK |
|---|---|
| Access Complexity | LOW |
| Authentication | NONE |
| Confidentiality Impact | PARTIAL |
| Integrity Impact | NONE |
| Availability Impact | NONE |
| Source | Type | Description |
|---|---|---|
| [email protected] | Secondary |
en
CWE-200
|
| [email protected] | Primary |
en
CWE-674
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| unified-automation | .net_based_opc_ua_client\/server_sdk | * | <built-in method update of dict object at 0x72a9b0a6e000> | Application |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:unified-automation:.net_based_opc_ua_client\/server_sdk:*:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:* |
| No | cpe:2.3:a:microsoft:.net_framework:4.0:*:*:*:*:*:*:* |
| No | cpe:2.3:a:microsoft:.net_framework:4.5:*:*:*:*:*:*:* |