How severe is CVE-2023-32174?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2023-32174?

This is classified as CWE-416, which is a common weakness in software security.

CVE-2023-32174 - CRITICAL Severity | CVSS 9.1

Vulnerability Description

Unified Automation UaGateway NodeManagerOpcUa Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unified Automation UaGateway. Authentication is required to exploit this vulnerability when the product is in its default configuration. The specific flaw exists within the handling of NodeManagerOpcUa objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. . Was ZDI-CAN-20577.

Related Vulnerabilities

CVE-2016-7835

CRITICAL

CVSS:9.1(Critical)

Use-after-free vulnerability in H2O allows remote attackers to cause a denial-of-service (DoS) or obtain server certificate private keys and possibly other information.

CWE-4162016

CVE-2016-9584

CRITICAL

CVSS:9.1(Critical)

libical allows remote attackers to cause a denial of service (use-after-free) and possibly read heap memory via a crafted ics file.

CWE-4162016

CVE-2017-5447

CRITICAL

CVSS:9.1(Critical)

An out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could allow an attacker to read otherwise inaccessible memory. This ...

CWE-4162017

CVE-2019-10082

CRITICAL

CVSS:9.1(Critical)

In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.

CWE-4162019

CVE-2020-27267

CRITICAL

CVSS:9.1(Critical)

KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital ...

CWE-4162020

CVE-2020-35898

CRITICAL

CVSS:9.1(Critical)

An issue was discovered in the actix-utils crate before 2.0.0 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data.

CWE-4162020