Improper Check for Unusual or Exceptional Conditions in OPC UA Tunneller - CVE-2020-27274

 

Improper Check for Unusual or Exceptional Conditions in OPC UA Tunneller - CVE-2020-27274

Published: January 25, 2021


Vulnerability identifier: #VU49953
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-27274
CWE-ID: CWE-754
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Honeywell International, Inc
Affected software:
OPC UA Tunneller

Detailed vulnerability description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to some parsing functions do not check the return value of malloc and the thread handling the message is forced to close. A remote attacker can cause denial of service condition.


How to mitigate CVE-2020-27274

Install updates from vendor's website.

Sources