CVE-2024-57086
📋 TL;DR
This CVE describes a prototype pollution vulnerability in the fieldsToJson function of node-opcua-alarm-condition v2.134.0. Attackers can exploit this by sending specially crafted payloads to cause Denial of Service (DoS) conditions. Systems using this specific version of the OPC UA alarm condition library are affected.
💻 Affected Systems
- node-opcua-alarm-condition
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete service disruption of OPC UA alarm systems leading to operational downtime in industrial environments.
Likely Case
Service crashes or hangs requiring manual restart of affected OPC UA services.
If Mitigated
Limited impact with proper input validation and monitoring in place.
🎯 Exploit Status
Exploitation requires understanding of prototype pollution techniques and OPC UA protocol structure.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v2.135.0 or later
Vendor Advisory: https://github.com/node-opcua/node-opcua-alarm-condition
Restart Required: Yes
Instructions:
1. Update package.json to use node-opcua-alarm-condition v2.135.0 or later. 2. Run 'npm update node-opcua-alarm-condition'. 3. Restart all services using this library.
🔧 Temporary Workarounds
Input Validation Filter
allImplement input validation to reject malformed JSON payloads before they reach the vulnerable function.
// Add middleware to validate JSON structure before processing
🧯 If You Can't Patch
- Implement network segmentation to isolate OPC UA systems from untrusted networks
- Deploy WAF or reverse proxy with JSON payload inspection capabilities
🔍 How to Verify
Check if Vulnerable:
Check package.json or node_modules for node-opcua-alarm-condition version 2.134.0Check Version:
npm list node-opcua-alarm-condition | grep node-opcua-alarm-conditionVerify Fix Applied:
Verify installed version is 2.135.0 or later using 'npm list node-opcua-alarm-condition'📡 Detection & Monitoring
Log Indicators:
- Unexpected service crashes
- Memory exhaustion warnings
- Unusual JSON parsing errors
Network Indicators:
- Unusually large or malformed OPC UA messages
- Repeated connection attempts with crafted payloads
SIEM Query:
source="opcua-service" AND (event="crash" OR event="memory_error" OR message="*prototype*" OR message="*fieldsToJson*")