1. EXECUTIVE SUMMARY
- CVSS v4 8.7
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: AVEVA
- Equipment: SuiteLink Server
- Vulnerability: Allocation of Resources Without Limits or Throttling
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to cause the server to consume excessive system resources, preventing processing of SuiteLink messages on the targeted host.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following AVEVA products with AVEVA SuiteLink Server installed, are affected:
- SuiteLink: Versions 3.7.0 and prior
- Historian: Versions 2023 R2 P01 and prior
- InTouch: Versions 2023 R2 P01 and prior
- Application Server: Versions 2023 R2 P01 and prior
- Communication Drivers Pack: Versions 2023 R2 and prior
- Batch Management: Versions 2023 and prior
3.2 Vulnerability Overview
3.2.1 ALLOCATION OF RESOURCES WITHOUT LIMITS OR THROTTLING CWE-770
If exploited, this vulnerability could cause a SuiteLink server to consume excessive system resources and slow down processing of Data I/O for the duration of the attack.
CVE-2024-7113 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
A CVSS v4 score has also been calculated for CVE-2024-7113. A base score of 8.7 has been calculated; the CVSS vector string is ([…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: