ZDI-23-777: (Pwn2Own) Unified Automation UaGateway OPC UA Server Use-After-Free Denial-of-Service Vulnerability

May 31, 2023, 5 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this vulnerability.

attackers authentication automation exploit free opc opc ua pwn2own server service use-after-free vulnerability zdi

Visit resource

More from www.zerodayinitiative.com / ZDI: Published Advisories

ZDI-24-439: Microsoft Windows Bluetooth AVDTP Protocol Integer Underflow Remote Code Execution Vulnerability 1 day ago | www.zerodayinitiative.com

arbitrary code attackers bluetooth code +20

ZDI-24-438: Dassault Systèmes eDrawings Viewer DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability 1 day ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +16

ZDI-24-437: Dassault Systèmes eDrawings Viewer DXF File Parsing Type Confusion Remote Code Execution Vulnerability 1 day ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +15

ZDI-24-436: Dassault Systèmes eDrawings Viewer DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability 1 day ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +16

ZDI-24-435: Dassault Systèmes eDrawings Viewer DXF File Parsing Type Confusion Remote Code Execution Vulnerability 1 day ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +15

ZDI-24-434: Dassault Systèmes eDrawings Viewer SAT File Parsing Uninitialized Variable Remote Code Execution Vulnerability 1 day ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +16

ZDI-24-433: Dassault Systèmes eDrawings Viewer DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability 1 day ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +16

ZDI-24-432: Dassault Systèmes eDrawings Viewer JT File Parsing Memory Corruption Remote Code Execution Vulnerability 1 day ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +17

ZDI-24-431: Dassault Systèmes eDrawings Viewer DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability 1 day ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +16

C003561 On-line Vulnerability Assessment (OVA) Tool Manager (CTS) - WED 22 May

@ EMW, Inc. | Mons, Wallonia, Belgium

View on infosec-jobs.com

Engineer - IT Security Compliance

@ Tiffany & Co. | Parsippany, NJ, United States

View on infosec-jobs.com

Senior Restricted Research Compliance Specialist

@ University of Cincinnati | Cincinnati, OH, US

View on infosec-jobs.com

Senior Manager of Security Engineering - Employee Compute

@ JPMorgan Chase & Co. | Houston, TX, United States

View on infosec-jobs.com

Incident Response Analyst

@ Verisk | Jersey City, NJ, United States

View on infosec-jobs.com

Application Security Penetration Tester

@ Vodeno | Poland (remote)

View on infosec-jobs.com

View more jobs

all InfoSec news

ZDI-23-777: (Pwn2Own) Unified Automation UaGateway OPC UA Server Use-After-Free Denial-of-Service Vulnerability

More from www.zerodayinitiative.com / ZDI: Published Advisories

Jobs in InfoSec / Cybersecurity

C003561 On-line Vulnerability Assessment (OVA) Tool Manager (CTS) - WED 22 May

Engineer - IT Security Compliance

Senior Restricted Research Compliance Specialist

Senior Manager of Security Engineering - Employee Compute

Incident Response Analyst

Application Security Penetration Tester