CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-32173

Unified Automation UaGateway AddServer XML Injection Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this vulnerability when the product is in its default configuration. The specific flaw exists within the implementation of the AddServer method. By specifying crafted arguments, an attacker can cause invalid characters to be inserted into an XML configuration file. An attacker can leverage this vulnerability to create a persistent denial-of-service condition on the system. . Was ZDI-CAN-20576.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.017

EPSS Ranking 81.5%

CVSS Severity

CVSS v3 Score 5.8

References

Products affected by CVE-2023-32173

Unified-Automation » Uagateway » Version: N/A

cpe:2.3:a:unified-automation:uagateway:-
Unified-Automation » Uagateway » Version: 1.0.0.120

cpe:2.3:a:unified-automation:uagateway:1.0.0.120
Unified-Automation » Uagateway » Version: 1.0.1.130

cpe:2.3:a:unified-automation:uagateway:1.0.1.130
Unified-Automation » Uagateway » Version: 1.2.0.160

cpe:2.3:a:unified-automation:uagateway:1.2.0.160
Unified-Automation » Uagateway » Version: 1.2.1.177

cpe:2.3:a:unified-automation:uagateway:1.2.1.177
Unified-Automation » Uagateway » Version: 1.2.2.181

cpe:2.3:a:unified-automation:uagateway:1.2.2.181
Unified-Automation » Uagateway » Version: 1.2.3.186

cpe:2.3:a:unified-automation:uagateway:1.2.3.186
Unified-Automation » Uagateway » Version: 1.2.4.200

cpe:2.3:a:unified-automation:uagateway:1.2.4.200
Unified-Automation » Uagateway » Version: 1.2.5.203

cpe:2.3:a:unified-automation:uagateway:1.2.5.203
Unified-Automation » Uagateway » Version: 1.3.1.244

cpe:2.3:a:unified-automation:uagateway:1.3.1.244
Unified-Automation » Uagateway » Version: 1.3.10.294

cpe:2.3:a:unified-automation:uagateway:1.3.10.294
Unified-Automation » Uagateway » Version: 1.3.12.299

cpe:2.3:a:unified-automation:uagateway:1.3.12.299
Unified-Automation » Uagateway » Version: 1.3.2.247

cpe:2.3:a:unified-automation:uagateway:1.3.2.247
Unified-Automation » Uagateway » Version: 1.3.3.257

cpe:2.3:a:unified-automation:uagateway:1.3.3.257
Unified-Automation » Uagateway » Version: 1.3.4.261

cpe:2.3:a:unified-automation:uagateway:1.3.4.261
Unified-Automation » Uagateway » Version: 1.3.5.263

cpe:2.3:a:unified-automation:uagateway:1.3.5.263
Unified-Automation » Uagateway » Version: 1.3.6.279

cpe:2.3:a:unified-automation:uagateway:1.3.6.279
Unified-Automation » Uagateway » Version: 1.3.7.282

cpe:2.3:a:unified-automation:uagateway:1.3.7.282
Unified-Automation » Uagateway » Version: 1.3.8.283

cpe:2.3:a:unified-automation:uagateway:1.3.8.283
Unified-Automation » Uagateway » Version: 1.3.9.288

cpe:2.3:a:unified-automation:uagateway:1.3.9.288
Unified-Automation » Uagateway » Version: 1.4.0.332

cpe:2.3:a:unified-automation:uagateway:1.4.0.332
Unified-Automation » Uagateway » Version: 1.4.1.336

cpe:2.3:a:unified-automation:uagateway:1.4.1.336
Unified-Automation » Uagateway » Version: 1.4.2.353

cpe:2.3:a:unified-automation:uagateway:1.4.2.353
Unified-Automation » Uagateway » Version: 1.4.3.356

cpe:2.3:a:unified-automation:uagateway:1.4.3.356
Unified-Automation » Uagateway » Version: 1.4.4.357

cpe:2.3:a:unified-automation:uagateway:1.4.4.357
Unified-Automation » Uagateway » Version: 1.4.5.361

cpe:2.3:a:unified-automation:uagateway:1.4.5.361
Unified-Automation » Uagateway » Version: 1.4.6.363

cpe:2.3:a:unified-automation:uagateway:1.4.6.363
Unified-Automation » Uagateway » Version: 1.4.8.372

cpe:2.3:a:unified-automation:uagateway:1.4.8.372
Unified-Automation » Uagateway » Version: 1.4.9.375

cpe:2.3:a:unified-automation:uagateway:1.4.9.375
Unified-Automation » Uagateway » Version: 1.5.1.404

cpe:2.3:a:unified-automation:uagateway:1.5.1.404
Unified-Automation » Uagateway » Version: 1.5.10.467

cpe:2.3:a:unified-automation:uagateway:1.5.10.467
Unified-Automation » Uagateway » Version: 1.5.11.475

cpe:2.3:a:unified-automation:uagateway:1.5.11.475
Unified-Automation » Uagateway » Version: 1.5.12.482

cpe:2.3:a:unified-automation:uagateway:1.5.12.482
Unified-Automation » Uagateway » Version: 1.5.13.487

cpe:2.3:a:unified-automation:uagateway:1.5.13.487
Unified-Automation » Uagateway » Version: 1.5.2.410

cpe:2.3:a:unified-automation:uagateway:1.5.2.410
Unified-Automation » Uagateway » Version: 1.5.3.420

cpe:2.3:a:unified-automation:uagateway:1.5.3.420
Unified-Automation » Uagateway » Version: 1.5.4.428

cpe:2.3:a:unified-automation:uagateway:1.5.4.428
Unified-Automation » Uagateway » Version: 1.5.5.433

cpe:2.3:a:unified-automation:uagateway:1.5.5.433
Unified-Automation » Uagateway » Version: 1.5.6.441

cpe:2.3:a:unified-automation:uagateway:1.5.6.441
Unified-Automation » Uagateway » Version: 1.5.7.448

cpe:2.3:a:unified-automation:uagateway:1.5.7.448
Unified-Automation » Uagateway » Version: 1.5.8.454

cpe:2.3:a:unified-automation:uagateway:1.5.8.454
Unified-Automation » Uagateway » Version: 1.5.9.466

cpe:2.3:a:unified-automation:uagateway:1.5.9.466

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-32173

Products

Pricing

Contact Us