Improper Check for Unusual or Exceptional Conditions in OPC UA Tunneller - CVE-2020-27274
Published: January 25, 2021
Vulnerability identifier: #VU49953
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-27274
CWE-ID: CWE-754
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Honeywell International, Inc
Affected software:
OPC UA Tunneller
OPC UA Tunneller
Detailed vulnerability description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to some parsing functions do not check the return value of malloc and the thread handling the message is forced to close. A remote attacker can cause denial of service condition.
How to mitigate CVE-2020-27274
Install updates from vendor's website.