CVE-2023-27334

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-27334
Softing edgeConnector Siemens ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing edgeConnector Siemens. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20498.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://industrial.softing.com/fileadmin/psirt/downloads/syt-2023-1.html Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-23-1054/ Third Party Advisory
https://industrial.softing.com/fileadmin/psirt/downloads/syt-2023-1.html Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-23-1054/ Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:softing:edgeaggregator:*:*:*:*:*:*:*:*
cpe:2.3:a:softing:edgeconnector:*:*:*:*:*:*:*:*
cpe:2.3:a:softing:opc_ua_c\+\+_software_development_kit:*:*:*:*:*:*:*:*
cpe:2.3:a:softing:secure_integration_server:*:*:*:*:*:*:*:*
History

13 Aug 2025, 00:10

Type Values Removed Values Added
References () https://industrial.softing.com/fileadmin/psirt/downloads/syt-2023-1.html - () https://industrial.softing.com/fileadmin/psirt/downloads/syt-2023-1.html - Vendor Advisory
References () https://www.zerodayinitiative.com/advisories/ZDI-23-1054/ - () https://www.zerodayinitiative.com/advisories/ZDI-23-1054/ - Third Party Advisory
CPE cpe:2.3:a:softing:edgeconnector:*:*:*:*:*:*:*:*
cpe:2.3:a:softing:secure_integration_server:*:*:*:*:*:*:*:*
cpe:2.3:a:softing:opc_ua_c\+\+_software_development_kit:*:*:*:*:*:*:*:*
cpe:2.3:a:softing:edgeaggregator:*:*:*:*:*:*:*:*
First Time Softing edgeconnector
Softing secure Integration Server
Softing
Softing edgeaggregator
Softing opc Ua C\+\+ Software Development Kit
CWE NVD-CWE-noinfo
Information

Published : 2024-05-03 02:15

Updated : 2025-08-13 00:10

NVD link : CVE-2023-27334

Mitre link : CVE-2023-27334

CVE.ORG link : CVE-2023-27334

JSON object : View

Products Affected

softing

  • edgeconnector
  • opc_ua_c\+\+_software_development_kit
  • secure_integration_server
  • edgeaggregator
CWE
CWE-400

Uncontrolled Resource Consumption

NVD-CWE-noinfo