{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-08T09:19:24.385","vulnerabilities":[{"cve":{"id":"CVE-2023-32171","sourceIdentifier":"zdi-disclosures@trendmicro.com","published":"2024-05-03T02:15:22.593","lastModified":"2025-08-08T14:16:38.933","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Unified Automation UaGateway OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the ImportCsv method. A crafted XML payload can cause a null pointer dereference. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20495."},{"lang":"es","value":"Vulnerabilidad de denegación de servicio de desreferencia de puntero nulo del servidor UaGateway OPC UA de Unified Automation. Esta vulnerabilidad permite a atacantes remotos crear una condición de denegación de servicio en las instalaciones afectadas de Unified Automation UaGateway. Se requiere autenticación para aprovechar esta vulnerabilidad. La falla específica existe dentro del método ImportCsv. un payload XML manipulada puede provocar una desreferencia del puntero nulo. Un atacante puede aprovechar esta vulnerabilidad para crear una condición de denegación de servicio en el sistema. Era ZDI-CAN-20495."}],"metrics":{"cvssMetricV30":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:unified-automation:uagateway:*:*:*:*:*:*:*:*","versionEndExcluding":"1.5.13.487","matchCriteriaId":"0198D9C1-4354-4611-A3F3-16059270B375"}]}]}],"references":[{"url":"https://documentation.unified-automation.com/uagateway/1.5.14/CHANGELOG.txt","source":"zdi-disclosures@trendmicro.com","tags":["Release Notes"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-23-776/","source":"zdi-disclosures@trendmicro.com","tags":["Third Party Advisory"]},{"url":"https://documentation.unified-automation.com/uagateway/1.5.14/CHANGELOG.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-23-776/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}