#VU49953 Improper Check for Unusual or Exceptional Conditions in OPC UA Tunneller - CVE-2020-27274 

 


Published: January 25, 2021


Vulnerability identifier: #VU49953
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-27274
CWE-ID: CWE-754
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
OPC UA Tunneller
Software vendor:
Honeywell International, Inc

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because some parsing functions do not check the return value of malloc, and the thread handling the message is forced to close. A remote attacker can cause a denial of service condition.
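The missing check described above, shown in its corrected form as an added example (not Honeywell's code and not taken from the advisory). The length-prefixed message format, the `alloc_fn` hook, `MAX_FIELD_LEN` and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum parse_status { PARSE_OK, PARSE_TRUNCATED, PARSE_TOO_LARGE, PARSE_NO_MEMORY };
typedef void *(*alloc_fn)(size_t);  /* hypothetical hook so failure can be simulated */
#define MAX_FIELD_LEN (1u << 20)    /* assumed policy cap, not from the advisory */
static void *failing_alloc(size_t n) { (void)n; return NULL; }

/* Constructed format: 4-byte little-endian length, then that many payload bytes.
 * On success *out owns a NUL-terminated copy; on any error *out stays NULL. */
static enum parse_status parse_field(const uint8_t *buf, size_t buf_len,
                                     alloc_fn alloc, char **out)
{
    *out = NULL;
    if (buf_len < 4)
        return PARSE_TRUNCATED;
    uint32_t len = (uint32_t)buf[0] | ((uint32_t)buf[1] << 8) |
                   ((uint32_t)buf[2] << 16) | ((uint32_t)buf[3] << 24);
    if (len > MAX_FIELD_LEN)
        return PARSE_TOO_LARGE;   /* bound the request before allocating */
    if (len > buf_len - 4)
        return PARSE_TRUNCATED;
    char *copy = alloc((size_t)len + 1);
    if (copy == NULL)
        return PARSE_NO_MEMORY;   /* reject this message; the handler keeps running */
    memcpy(copy, buf + 4, len);
    copy[len] = '\0';
    *out = copy;
    return PARSE_OK;
}
/* Constructed sample messages: one well-formed, one shorter than its length field. */
static const uint8_t SAMPLE_MSG[] = {5, 0, 0, 0, 'h', 'e', 'l', 'l', 'o'};
static const uint8_t SHORT_MSG[] = {9, 0, 0, 0, 'h', 'i'};
/* Parses one message with the given allocator and returns the status code. */
static int status_for(const uint8_t *msg, size_t n, alloc_fn alloc)
{
    char *field;
    int st = (int)parse_field(msg, n, alloc, &field);
    free(field);
    return st;
}
int main(void)
{
    printf("ok=%d oom=%d short=%d\n", status_for(SAMPLE_MSG, sizeof SAMPLE_MSG, malloc),
           status_for(SAMPLE_MSG, sizeof SAMPLE_MSG, failing_alloc),
           status_for(SHORT_MSG, sizeof SHORT_MSG, malloc));
    return 0;
}
```

Routing allocation through a hook lets a unit test force the failure path, which is otherwise rarely exercised before deployment.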


Remediation

Install updates from the vendor's website.

External links