{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T18:51:24.367","vulnerabilities":[{"cve":{"id":"CVE-2023-32172","sourceIdentifier":"zdi-disclosures@trendmicro.com","published":"2024-05-03T02:15:22.773","lastModified":"2025-08-08T14:17:00.330","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Unified Automation UaGateway OPC UA Server Use-After-Free Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the implementation of the ImportXML function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20497."},{"lang":"es","value":"Vulnerabilidad de denegación de servicio de Use-After-Free del servidor UaGateway OPC UA de Unified Automation. Esta vulnerabilidad permite a atacantes remotos crear una condición de denegación de servicio en las instalaciones afectadas de Unified Automation UaGateway. Se requiere autenticación para aprovechar esta vulnerabilidad. La falla específica existe en la implementación de la función ImportXML. El problema surge de la falta de validación de la existencia de un objeto antes de realizar operaciones sobre él. Un atacante puede aprovechar esta vulnerabilidad para crear una condición de denegación de servicio en el sistema. Era ZDI-CAN-20497."}],"metrics":{"cvssMetricV30":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:unified-automation:uagateway:*:*:*:*:*:*:*:*","versionEndExcluding":"1.5.13.487","matchCriteriaId":"0198D9C1-4354-4611-A3F3-16059270B375"}]}]}],"references":[{"url":"https://documentation.unified-automation.com/uagateway/1.5.14/CHANGELOG.txt","source":"zdi-disclosures@trendmicro.com","tags":["Release Notes"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-23-777/","source":"zdi-disclosures@trendmicro.com","tags":["Third Party Advisory"]},{"url":"https://documentation.unified-automation.com/uagateway/1.5.14/CHANGELOG.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-23-777/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}