CVE-2023-28831

Q: What is the severity of CVE-2023-28831?

CVE-2023-28831 has a CVSS score of 7.5 (HIGH). This CVE describes an integer overflow vulnerability in OPC UA implementations (ANSI C and C++) that causes infinite loops during certificate validation. An unauthenticated remote attacker can exploit this by sending a specially crafted certificate to create a denial of service condition. Affected products include Siemens industrial control systems and other devices using vulnerable OPC UA stacks.

7.5 HIGH

Denial of Service

📋 TL;DR

This CVE describes an integer overflow vulnerability in OPC UA implementations (ANSI C and C++) that causes infinite loops during certificate validation. An unauthenticated remote attacker can exploit this by sending a specially crafted certificate to create a denial of service condition. Affected products include Siemens industrial control systems and other devices using vulnerable OPC UA stacks.

💻 Affected Systems

Products:

Siemens SIMATIC products
Siemens SINUMERIK products
Other devices using affected OPC UA stacks

Versions: Various versions as specified in Siemens advisories SSA-118850 and SSA-711309

Operating Systems: Windows, Linux, Real-time operating systems in industrial controllers

Default Config Vulnerable: ⚠️ Yes

Notes: Affects OPC UA server implementations using vulnerable ANSI C or C++ stacks. Industrial control systems in manufacturing, energy, and critical infrastructure are particularly at risk.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Critical industrial control systems become unresponsive due to infinite loops, causing production downtime, safety system failures, or process disruptions in manufacturing, energy, or infrastructure environments.

🟠

Likely Case

OPC UA servers become unresponsive or crash, disrupting industrial automation communications and causing temporary operational interruptions until systems are restarted.

🟢

If Mitigated

With proper network segmentation and access controls, exploitation attempts are blocked at perimeter defenses, limiting impact to isolated network segments.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires sending a specially crafted certificate to trigger the integer overflow. No authentication is required, making this easily exploitable if network access is available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Siemens advisories for specific product updates

Vendor Advisory: https://cert-portal.siemens.com/productcert/html/ssa-118850.html

Restart Required: Yes

Instructions:

1. Review Siemens advisories SSA-118850 and SSA-711309. 2. Identify affected products in your environment. 3. Apply vendor-provided patches or updates. 4. Restart affected systems. 5. Verify patch application and system functionality.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate OPC UA systems in dedicated network segments with strict access controls

Firewall Rules

all

Restrict access to OPC UA ports (typically 4840/tcp) to authorized systems only

🧯 If You Can't Patch

Implement strict network segmentation to isolate vulnerable systems from untrusted networks
Deploy intrusion detection/prevention systems to monitor for certificate-based attack patterns

🔍 How to Verify

Check if Vulnerable:

Check product versions against Siemens advisories SSA-118850 and SSA-711309. Review system logs for certificate validation failures or unusual OPC UA process behavior.

Check Version:

Product-specific commands vary. Consult Siemens documentation for version checking on specific industrial control systems.

Verify Fix Applied:

Verify patch version numbers match those specified in vendor advisories. Test certificate validation functionality and monitor for infinite loop conditions.

📡 Detection & Monitoring

Log Indicators:

OPC UA process consuming 100% CPU
Certificate validation failures
OPC UA service crashes or restarts
Unusual certificate sizes or formats in logs

Network Indicators:

Unusual certificate traffic to OPC UA ports
Multiple certificate validation attempts from single source
Traffic patterns suggesting DoS attempts

SIEM Query:

source="opcua" AND (event="certificate_validation" OR event="process_hang" OR cpu_usage>95) OR dest_port=4840 AND protocol="OPCUA" AND certificate_size>threshold

📊 Metadata

CVE ID: CVE-2023-28831

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-190

Published: September 12, 2023

Last Updated: August 18, 2025

🔗 References

https://cert-portal.siemens.com/productcert/html/ssa-118850.html Mitigation,Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-711309.html Mitigation,Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-118850.pdf Mitigation,Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-711309.pdf Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-118850.html Mitigation,Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-711309.html Mitigation,Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-118850.pdf Mitigation,Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-711309.pdf Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Simatic Cloud Connect 7 Cc712 Firmware by Siemens

Simatic Cloud Connect 7 Cc716 Firmware by Siemens

Simatic Drive Controller Cpu 1504d Tf Firmware by Siemens

Simatic Drive Controller Cpu 1507d Tf Firmware by Siemens

Simatic Et 200sp Open Controller Cpu Firmware by Siemens

Simatic S7 1200 Cpu Firmware by Siemens

Simatic S7 1500 Cpu 1510sp 1 Pn Firmware by Siemens

Simatic S7 1500 Cpu 1510sp F 1 Pn Firmware by Siemens

Simatic S7 1500 Cpu 1511 1 Pn Firmware by Siemens

Simatic S7 1500 Cpu 1511c 1 Pn Firmware by Siemens

Simatic S7 1500 Cpu 1511f 1 Pn Firmware by Siemens

Simatic S7 1500 Cpu 1511t 1 Pn Firmware by Siemens

Simatic S7 1500 Cpu 1511tf 1 Pn Firmware by Siemens

Simatic S7 1500 Cpu 1512c 1 Pn Firmware by Siemens

Simatic S7 1500 Cpu 1512sp 1 Pn Firmware by Siemens

Simatic S7 1500 Cpu 1512sp F 1 Pn Firmware by Siemens

Simatic S7 1500 Cpu 1513 1 Pn Firmware by Siemens

Simatic S7 1500 Cpu 1513f 1 Pn Firmware by Siemens

Simatic S7 1500 Cpu 1513r 1 Pn Firmware by Siemens

Simatic S7 1500 Cpu 1514sp 2 Pn Firmware by Siemens

Simatic S7 1500 Cpu 1514sp F 2 Pn Firmware by Siemens

Simatic S7 1500 Cpu 1514spt 2 Pn Firmware by Siemens

Simatic S7 1500 Cpu 1514spt F 2 Pn Firmware by Siemens

Simatic S7 1500 Cpu 1515 2 Pn Firmware by Siemens

Simatic S7 1500 Cpu 1515f 2 Pn Firmware by Siemens

Simatic S7 1500 Cpu 1515r 2 Pn Firmware by Siemens

Simatic S7 1500 Cpu 1515t 2 Pn Firmware by Siemens

Simatic S7 1500 Cpu 1515tf 2 Pn Firmware by Siemens

Simatic S7 1500 Cpu 1516 3 Pn\/dp Firmware by Siemens

Simatic S7 1500 Cpu 1516f 3 Pn\/dp Firmware by Siemens

Simatic S7 1500 Cpu 1516t 3 Pn\/dp Firmware by Siemens

Simatic S7 1500 Cpu 1516tf 3 Pn\/dp Firmware by Siemens

Simatic S7 1500 Cpu 1517 3 Pn\/dp Firmware by Siemens

Simatic S7 1500 Cpu 1517f 3 Pn\/dp Firmware by Siemens

Simatic S7 1500 Cpu 1517h 3 Pn Firmware by Siemens

Simatic S7 1500 Cpu 1517t 3 Pn\/dp Firmware by Siemens

Simatic S7 1500 Cpu 1517tf 3 Pn\/dp Firmware by Siemens

Simatic S7 1500 Cpu 1518 4 Pn\/dp Firmware by Siemens

Simatic S7 1500 Cpu 1518 4 Pn\/dp Mfp Firmware by Siemens

Simatic S7 1500 Cpu 1518f 4 Pn\/dp Firmware by Siemens

Simatic S7 1500 Cpu 1518f 4 Pn\/dp Mfp Firmware by Siemens

Simatic S7 1500 Cpu 1518hf 4 Pn Firmware by Siemens

Simatic S7 1500 Cpu 1518t 4 Pn\/dp Firmware by Siemens

Simatic S7 1500 Cpu 1518tf 4 Pn\/dp Firmware by Siemens

Simatic S7 1500 Cpu S7 1518 4 Pn\/dp Odk Firmware by Siemens

Simatic S7 1500 Cpu S7 1518f 4 Pn\/dp Odk Firmware by Siemens

Simatic S7 1500 Et 200pro Firmware by Siemens

Simatic S7 1500 Software Controller Firmware by Siemens

Simatic S7 1500 Software Controller Firmware by Siemens

Simatic S7 Plcsim Advanced Firmware by Siemens

Siplus Et 200sp Cpu 1510sp 1 Pn Firmware by Siemens

Siplus Et 200sp Cpu 1510sp 1 Pn Rail Firmware by Siemens

Siplus Et 200sp Cpu 1510sp F 1 Pn Firmware by Siemens

Siplus Et 200sp Cpu 1510sp F 1 Pn Rail Firmware by Siemens

Siplus Et 200sp Cpu 1512sp 1 Pn Firmware by Siemens

Siplus Et 200sp Cpu 1512sp 1 Pn Rail Firmware by Siemens

Siplus Et 200sp Cpu 1512sp F 1 Pn Firmware by Siemens

Siplus Et 200sp Cpu 1512sp F 1 Pn Rail Firmware by Siemens

Siplus S7 1500 Cpu 1511 1 Pn Firmware by Siemens

Siplus S7 1500 Cpu 1511 1 Pn T1 Rail Firmware by Siemens

Siplus S7 1500 Cpu 1511 1 Pn Tx Rail Firmware by Siemens

Siplus S7 1500 Cpu 1511f 1 Pn Firmware by Siemens

Siplus S7 1500 Cpu 1513 1 Pn Firmware by Siemens

Siplus S7 1500 Cpu 1513f 1 Pn Firmware by Siemens

Siplus S7 1500 Cpu 1515f 2 Pn Firmware by Siemens

Siplus S7 1500 Cpu 1515f 2 Pn Rail Firmware by Siemens

Siplus S7 1500 Cpu 1515f 2 Pn T2 Rail Firmware by Siemens

Siplus S7 1500 Cpu 1515r 2 Pn Firmware by Siemens

Siplus S7 1500 Cpu 1515r 2 Pn Tx Rail Firmware by Siemens

Siplus S7 1500 Cpu 1516 3 Pn\/dp Firmware by Siemens

Siplus S7 1500 Cpu 1516 3 Pn\/dp Rail Firmware by Siemens

Siplus S7 1500 Cpu 1516 3 Pn\/dp Tx Rail Firmware by Siemens

Siplus S7 1500 Cpu 1516f 3 Pn\/dp Firmware by Siemens

Siplus S7 1500 Cpu 1516f 3 Pn\/dp Rail Firmware by Siemens

Siplus S7 1500 Cpu 1517h 3 Pn Firmware by Siemens

Siplus S7 1500 Cpu 1518 4 Pn\/dp Firmware by Siemens

Siplus S7 1500 Cpu 1518 4 Pn\/dp Mfp Firmware by Siemens