CVE-2023-32174
Published: 03 May 2024
Summary
CVE-2023-32174 is a critical-severity Use After Free (CWE-416) vulnerability in Unified Automation UaGateway. Its CVSS base score is 9.1 (Critical).
Operationally, it is ranked in the top 9.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2023-32174 is a use-after-free vulnerability, tracked as ZDI-CAN-20577 and assigned CWE-416, that affects the NodeManagerOpcUa component in Unified Automation UaGateway. The flaw stems from insufficient validation of object existence before operations are performed, enabling remote code execution with SYSTEM-level privileges on affected installations. It carries a CVSS 3.0 score of 9.1.
Remote attackers who can authenticate to the product in its default configuration may exploit the issue over the network to execute arbitrary code. The vulnerability permits an attacker to achieve full control in the context of the SYSTEM account without requiring user interaction.
Vendor documentation in the UaGateway 1.5.14 changelog and the Zero Day Initiative advisory ZDI-23-780 address the issue and point to available updates. The EPSS score has remained low, with a current value of 0.0517 and a recorded peak of 0.0677.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-36442
Vulnerability details
Unified Automation UaGateway NodeManagerOpcUa Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unified Automation UaGateway. Authentication is required to exploit this vulnerability when the product is in its default configuration.
The specific flaw exists within the handling of NodeManagerOpcUa objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20577.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Use-after-free exploits that aim for arbitrary code execution are blocked or made significantly harder by non-executable pages and ASLR.