{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "publisher": {
      "category": "vendor",
      "name": "Softing Industrial Automation GmbH",
      "namespace": "https://industrial.softing.com",
      "contact_details": "Softing PSIRT - contact us at psirt@softing.com"
    },
    "title": "Use of uninitialized resource vulnerability in OPC UA C++ SDK, Secure Integration Server and OPC Suite",
    "tracking": {
      "current_release_date": "0023-11-07T11:00:00.000Z",
      "id": "SYT-2023-3",
      "initial_release_date": "2023-11-07T11:00:00.000Z",
      "revision_history": [
        {
          "date": "2023-11-07T11:00:00.000Z",
          "number": "1.0.0",
          "summary": "Initial version"
        }
      ],
      "status": "final",
      "version": "1.0.0",
      "generator": {
        "date": "2023-11-07T15:53:09.275Z",
        "engine": {
          "version": "2.2.14",
          "name": "Secvisogram"
        }
      }
    },
    "source_lang": "en-US",
    "aggregate_severity": {
      "text": "high"
    },
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The information provided in this disclosure is provided \"as is\" without warranty of any kind.\nSofting disclaims all warranties, either express or implied, including the warranties of\nmerchantability and fitness for a particular purpose. In no event shall Softing or its suppliers be\nliable for any damages whatsoever including direct, indirect, incidental, consequential, loss of\nbusiness profits or special damages, even if Softing or its suppliers have been advised of the\npossibility of such damages.\nSome states do not allow the exclusion or limitation of liability for consequential or incidental\ndamages so the foregoing limitation may not apply.\n",
        "title": "Disclaimer"
      }
    ]
  },
  "product_tree": {
    "branches": [
      {
        "category": "product_version_range",
        "name": "Softing OPC UA C++ SDK <= 6.20.1",
        "product": {
          "product_id": "CSAFPID-0001",
          "name": "Softing OPC UA C++ SDK <= 6.20.1"
        }
      },
      {
        "category": "product_version",
        "name": "Softing OPC UA C++ SDK V6.30",
        "product": {
          "product_id": "CSAFPID-0100",
          "name": "Softing OPC UA C++ SDK V6.30"
        }
      },
      {
        "category": "product_version_range",
        "name": "Softing Secure Integration Server <= V1.22",
        "product": {
          "name": "Softing Secure Integration Server <= V1.22",
          "product_id": "CSAFPID-0002"
        }
      },
      {
        "name": "Softing Secure Integration Server V1.30",
        "category": "product_version",
        "product": {
          "name": "Softing Secure Integration Server V1.30",
          "product_id": "CSAFPID-0101"
        }
      },
      {
        "category": "product_version_range",
        "name": "Softing OPC Suite <= V5.30",
        "product": {
          "product_id": "CSAFPID-0003",
          "name": "Softing OPC Suite <= V5.30"
        }
      },
      {
        "category": "product_version",
        "name": "Softing OPC Suite V5.35",
        "product": {
          "product_id": "CSAFPID-0103",
          "name": "Softing OPC Suite V5.35"
        }
      }
    ]
  },
  "vulnerabilities": [
    {
      "scores": [
        {
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ],
          "cvss_v3": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "availabilityImpact": "HIGH",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "environmentalScore": 7.5,
            "environmentalSeverity": "HIGH"
          }
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003"
        ],
        "fixed": [
          "CSAFPID-0100",
          "CSAFPID-0101"
        ]
      },
      "notes": [
        {
          "category": "summary",
          "text": "When the server wants to send an error packet while the socket is blocked on writing, the server may crash unexpectedly and must be restarted.\nThis issue only occurs on the Windows operating system."
        }
      ],
      "discovery_date": "2022-10-14T10:00:00.000Z",
      "cwe": {
        "id": "CWE-908",
        "name": "Use of Uninitialized Resource"
      },
      "cve": "CVE-2023-41151"
    }
  ]
}