Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Softing edgeConnector Siemens ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability
Vulnerability Description
Softing edgeConnector Siemens ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing edgeConnector Siemens. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20498.
CVSS Information
N/A
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
Softing edgeConnector 安全漏洞
Vulnerability Description
Softing edgeConnector是Softing公司的一款基于 Docker 的软件应用。可访问 SIMATIC S7、SINUMERIK 840D 和 Modbus TCP 控制器中的过程数据。 Softing edgeAggregator 存在安全漏洞,该漏洞源于OPC UA ConditionRefresh 请求的处理中存在特定缺陷,通过发送大量请求,攻击者可以消耗服务器上的所有可用资源。
CVSS Information
N/A
Vulnerability Type
N/A