← Back to CVEs

CVE-2023-39477

HIGH

7.5

Description

Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499.

CVE Details

CVSS v3.1 Score7.5

SeverityHIGH

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published5/3/2024

Last Modified3/12/2025

Sourcenvd

Honeypot Sightings0

Affected Products

inductiveautomation:ignition

Weaknesses (CWE)

CWE-400

References

https://inductiveautomation.com/downloads/releasenotes/8.1.33(zdi-disclosures@trendmicro.com)

https://www.zerodayinitiative.com/advisories/ZDI-23-1050/(zdi-disclosures@trendmicro.com)

https://inductiveautomation.com/downloads/releasenotes/8.1.33(af854a3a-2127-422b-91ae-364da2661108)

https://www.zerodayinitiative.com/advisories/ZDI-23-1050/(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.