CVE-2023-27334

7.5 HIGH

📋 TL;DR

This vulnerability allows remote attackers to cause a denial-of-service condition in Softing edgeConnector Siemens by sending excessive OPC UA ConditionRefresh requests, which exhausts server resources. It affects installations of Softing edgeConnector Siemens without requiring authentication.

💻 Affected Systems

Products:
  • Softing edgeConnector Siemens
Versions: Prior to the patched version (specific version not provided in references)
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all default installations that expose the OPC UA interface.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system unavailability due to resource exhaustion, disrupting industrial operations and potentially causing safety or production issues.

🟠 Likely Case

Service degradation or temporary unavailability of the OPC UA server functionality, impacting data collection and control systems.

🟢 If Mitigated

Minimal impact with proper network segmentation and rate limiting in place.

🌐 Internet-Facing: HIGH - No authentication required and remote exploitation possible.
🏢 Internal Only: MEDIUM - Still exploitable from internal networks but requires network access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple resource exhaustion attack requiring only network access to the OPC UA port.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched version

Vendor Advisory: https://industrial.softing.com/fileadmin/psirt/downloads/syt-2023-1.html

Restart Required: Yes

Instructions:

1. Download the latest version from Softing's website
2. Follow vendor's upgrade instructions
3. Restart the edgeConnector service

🔧 Temporary Workarounds

Network Segmentation (all platforms)

Restrict access to the OPC UA port (typically 4840/tcp) to trusted networks only.

Rate Limiting (all platforms)

Implement network-level rate limiting for OPC UA traffic to prevent request flooding.

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach the OPC UA interface
  • Deploy intrusion prevention systems with DoS protection rules

🔍 How to Verify

Check if Vulnerable:

Check the edgeConnector Siemens version against the vendor advisory. If an unpatched version is running and the OPC UA interface is exposed, assume it is vulnerable.

Check Version:

Check the version through the edgeConnector management interface or the installation directory.

Verify Fix Applied:

Verify that the patched version named in the vendor advisory is installed, and confirm that the OPC UA service runs normally under load testing.

📡 Detection & Monitoring

Log Indicators:

  • High frequency of OPC UA ConditionRefresh requests
  • Resource exhaustion warnings in system logs
  • Service restart events

Network Indicators:

  • Unusually high volume of traffic to OPC UA port (4840/tcp)
  • Multiple ConditionRefresh requests from single source

SIEM Query:

dest_port=4840 AND (event_type="ConditionRefresh" OR protocol="OPC-UA") | stats count by src_ip | where count > threshold
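The per-source counting behind the indicators above, as an added example that is not part of the original advisory or any Softing tooling: a sliding-window detector for ConditionRefresh bursts. The log line format, the IP addresses, and the window and threshold values are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical log format (an assumption, not edgeConnector output):
# "<ISO timestamp> src=<ip> dport=<port> method=<OPC UA method>"
LINE_RE = re.compile(r"^(\S+) src=(\S+) dport=(\d+) method=(\w+)$")

def detect_refresh_floods(lines, window_s=10, threshold=20, port=4840):
    """Return {src_ip: peak_count} for sources that sent more than
    `threshold` ConditionRefresh calls within any `window_s` seconds.
    Assumes each source's lines arrive in time order."""
    recent = defaultdict(deque)   # src_ip -> timestamps inside the window
    peaks = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # ignore malformed lines
        ts, src, dport, method = m.groups()
        if int(dport) != port or method != "ConditionRefresh":
            continue
        now = datetime.fromisoformat(ts)
        q = recent[src]
        q.append(now)
        while (now - q[0]).total_seconds() > window_s:
            q.popleft()           # drop calls older than the window
        if len(q) > threshold:
            peaks[src] = max(peaks.get(src, 0), len(q))
    return peaks

def build_sample():
    """Constructed sample traffic: one flooding source, two normal ones."""
    base = datetime(2023, 5, 1, 10, 0, 0)
    def line(offset_s, src, method):
        ts = (base + timedelta(seconds=offset_s)).isoformat()
        return f"{ts} src={src} dport=4840 method={method}"
    lines = ["garbage line without fields"]
    # 10.0.5.66: 40 ConditionRefresh calls in 4 seconds
    lines += [line(i // 10, "10.0.5.66", "ConditionRefresh") for i in range(40)]
    # 10.0.5.20: one ConditionRefresh per minute
    lines += [line(60 * i, "10.0.5.20", "ConditionRefresh") for i in range(5)]
    # 10.0.5.30: busy, but issuing Read calls only
    lines += [line(i // 10, "10.0.5.30", "Read") for i in range(50)]
    return lines

if __name__ == "__main__":
    print(detect_refresh_floods(build_sample()))
```

Tune `window_s` and `threshold` against a baseline of normal client behaviour, since legitimate clients also call ConditionRefresh occasionally.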
