cve/2023/CVE-2023-39477.md

2024-05-28 08:49:17 +00:00
### [CVE-2023-39477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39477)
![](https://img.shields.io/static/v1?label=Product&message=Ignition&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%208.1.24%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%3A%20Uncontrolled%20Resource%20Consumption%20('Resource%20Exhaustion')&color=brighgreen)
### Description
Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/claroty/opcua-exploit-framework