一、漏洞信息

漏洞编号：[CVE-2023-39477](https://nvd.nist.gov/vuln/detail/CVE-2023-39477)

漏洞归属组件：[ignition](https://gitee.com/src-openeuler/ignition)

漏洞归属的版本：2.14.0,2.15.0,2.16.2,2.9.0

CVSS V3.0分值：

BaseScore：7.5 High

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499.

漏洞公开时间：2024-05-03 11:15:13

漏洞创建时间：2024-05-03 16:33:11

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2023-39477

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| zdi-disclosures.trendmicro.com | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | |

| zdi-disclosures.trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ | |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

一、漏洞信息

漏洞编号：[CVE-2023-39477](https://nvd.nist.gov/vuln/detail/CVE-2023-39477)

漏洞归属组件：[ignition](https://gitee.com/src-openeuler/ignition)

漏洞归属的版本：2.14.0,2.15.0,2.16.2,2.9.0

CVSS V3.0分值：

BaseScore：7.5 High

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499.

漏洞公开时间：2024-05-03 11:15:13

漏洞创建时间：2024-05-03 16:33:11

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2023-39477

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| zdi-disclosures.trendmicro.com | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | |

| zdi-disclosures.trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ | |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

7.5

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS:

10.openEuler-24.03-LTS-Next:

修复是否涉及abi变化(是/否)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS:

10.openEuler-24.03-LTS-Next:

一、漏洞信息

漏洞编号：[CVE-2023-39477](https://nvd.nist.gov/vuln/detail/CVE-2023-39477)

漏洞归属组件：[ignition](https://gitee.com/src-openeuler/ignition)

漏洞归属的版本：2.14.0,2.15.0,2.16.2,2.9.0

CVSS V3.0分值：

BaseScore：7.5 High

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499.

漏洞公开时间：2024-05-03 11:15:13

漏洞创建时间：2024-05-03 16:33:11

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2023-39477

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| zdi-disclosures.trendmicro.com | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | |

| zdi-disclosures.trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ | |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

7.5

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS:

10.openEuler-24.03-LTS-Next:

修复是否涉及abi变化(是/否)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS:

10.openEuler-24.03-LTS-Next:

一、漏洞信息

漏洞编号：[CVE-2023-39477](https://nvd.nist.gov/vuln/detail/CVE-2023-39477)

漏洞归属组件：[ignition](https://gitee.com/src-openeuler/ignition)

漏洞归属的版本：2.14.0,2.15.0,2.16.2,2.9.0

CVSS V3.0分值：

BaseScore：7.5 High

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499.

漏洞公开时间：2024-05-03 11:15:13

漏洞创建时间：2024-05-03 16:33:11

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2023-39477

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| zdi-disclosures.trendmicro.com | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | |

| zdi-disclosures.trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ | |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

7.5

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS:

10.openEuler-24.03-LTS-Next:

修复是否涉及abi变化(是/否)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS:

10.openEuler-24.03-LTS-Next:

一、漏洞信息

漏洞编号：[CVE-2023-39477](https://nvd.nist.gov/vuln/detail/CVE-2023-39477)

漏洞归属组件：[ignition](https://gitee.com/src-openeuler/ignition)

漏洞归属的版本：2.14.0,2.15.0,2.16.2,2.9.0

CVSS V3.0分值：

BaseScore：7.5 High

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499.

漏洞公开时间：2024-05-03 11:15:13

漏洞创建时间：2024-05-03 16:33:11

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2023-39477

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| zdi-disclosures.trendmicro.com | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | |

| zdi-disclosures.trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ | |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

7.5

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS:

10.openEuler-24.03-LTS-Next:

修复是否涉及abi变化(是/否)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS:

10.openEuler-24.03-LTS-Next:

一、漏洞信息

漏洞编号：[CVE-2023-39477](https://nvd.nist.gov/vuln/detail/CVE-2023-39477)

漏洞归属组件：[ignition](https://gitee.com/src-openeuler/ignition)

漏洞归属的版本：2.14.0,2.15.0,2.16.2,2.9.0

CVSS V3.0分值：

BaseScore：7.5 High

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499.

漏洞公开时间：2024-05-03 11:15:13

漏洞创建时间：2024-05-03 16:33:11

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2023-39477

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| zdi-disclosures.trendmicro.com | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | |

| zdi-disclosures.trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ | |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

7.5

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS:

10.openEuler-24.03-LTS-Next:

修复是否涉及abi变化(是/否)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS:

10.openEuler-24.03-LTS-Next:

一、漏洞信息

漏洞编号：[CVE-2023-39477](https://nvd.nist.gov/vuln/detail/CVE-2023-39477)

漏洞归属组件：[ignition](https://gitee.com/src-openeuler/ignition)

漏洞归属的版本：2.14.0,2.15.0,2.16.2,2.9.0

CVSS V3.0分值：

BaseScore：7.5 High

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499.

漏洞公开时间：2024-05-03 11:15:13

漏洞创建时间：2024-05-03 16:33:11

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2023-39477

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| zdi-disclosures.trendmicro.com | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | |

| zdi-disclosures.trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ | |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

7.5

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS:

10.openEuler-24.03-LTS-Next:

修复是否涉及abi变化(是/否)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS:

10.openEuler-24.03-LTS-Next:

一、漏洞信息

漏洞编号：[CVE-2023-39477](https://nvd.nist.gov/vuln/detail/CVE-2023-39477)

漏洞归属组件：[ignition](https://gitee.com/src-openeuler/ignition)

漏洞归属的版本：2.14.0,2.15.0,2.16.2,2.9.0

CVSS V3.0分值：

BaseScore：7.5 High

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499.

漏洞公开时间：2024-05-03 11:15:13

漏洞创建时间：2024-05-03 16:33:11

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2023-39477

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| zdi-disclosures.trendmicro.com | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | |

| zdi-disclosures.trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ | |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

7.5

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS:

10.openEuler-24.03-LTS-Next:

修复是否涉及abi变化(是/否)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS:

10.openEuler-24.03-LTS-Next:

一、漏洞信息

漏洞编号：[CVE-2023-39477](https://nvd.nist.gov/vuln/detail/CVE-2023-39477)

漏洞归属组件：[ignition](https://gitee.com/src-openeuler/ignition)

漏洞归属的版本：2.14.0,2.15.0,2.16.2,2.9.0

CVSS V3.0分值：

BaseScore：7.5 High

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499.

漏洞公开时间：2024-05-03 11:15:13

漏洞创建时间：2024-05-03 16:33:11

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2023-39477

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| zdi-disclosures.trendmicro.com | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | |

| zdi-disclosures.trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ | |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

7.5

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS:

10.openEuler-24.03-LTS-Next:

修复是否涉及abi变化(是/否)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS:

10.openEuler-24.03-LTS-Next:

一、漏洞信息

漏洞编号：[CVE-2023-39477](https://nvd.nist.gov/vuln/detail/CVE-2023-39477)

漏洞归属组件：[ignition](https://gitee.com/src-openeuler/ignition)

漏洞归属的版本：2.14.0,2.15.0,2.16.2,2.9.0

CVSS V3.0分值：

BaseScore：7.5 High

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499.

漏洞公开时间：2024-05-03 11:15:13

漏洞创建时间：2024-05-03 16:33:11

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2023-39477

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| zdi-disclosures.trendmicro.com | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | |

| zdi-disclosures.trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ | |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

7.5

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS:

10.openEuler-24.03-LTS-Next:

修复是否涉及abi变化(是/否)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS:

10.openEuler-24.03-LTS-Next:

一、漏洞信息

漏洞编号：[CVE-2023-39477](https://nvd.nist.gov/vuln/detail/CVE-2023-39477)

漏洞归属组件：[ignition](https://gitee.com/src-openeuler/ignition)

漏洞归属的版本：2.14.0,2.15.0,2.16.2,2.9.0

CVSS V3.0分值：

BaseScore：7.5 High

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499.

漏洞公开时间：2024-05-03 11:15:13

漏洞创建时间：2024-05-03 16:33:11

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2023-39477

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| zdi-disclosures.trendmicro.com | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | |

| zdi-disclosures.trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ | |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

7.5

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS:

10.openEuler-24.03-LTS-Next:

修复是否涉及abi变化(是/否)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS:

10.openEuler-24.03-LTS-Next:

一、漏洞信息

漏洞编号：[CVE-2023-39477](https://nvd.nist.gov/vuln/detail/CVE-2023-39477)

漏洞归属组件：[ignition](https://gitee.com/src-openeuler/ignition)

漏洞归属的版本：2.14.0,2.15.0,2.16.2,2.9.0

CVSS V3.0分值：

BaseScore：7.5 High

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499.

漏洞公开时间：2024-05-03 11:15:13

漏洞创建时间：2024-05-03 16:33:11

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2023-39477

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| zdi-disclosures.trendmicro.com | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | |

| zdi-disclosures.trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ | |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

7.5

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS:

10.openEuler-24.03-LTS-Next:

修复是否涉及abi变化(是/否)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS:

10.openEuler-24.03-LTS-Next:

一、漏洞信息

漏洞编号：[CVE-2023-39477](https://nvd.nist.gov/vuln/detail/CVE-2023-39477)

漏洞归属组件：[ignition](https://gitee.com/src-openeuler/ignition)

漏洞归属的版本：2.14.0,2.15.0,2.16.2,2.9.0

CVSS V3.0分值：

BaseScore：7.5 High

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499.

漏洞公开时间：2024-05-03 11:15:13

漏洞创建时间：2024-05-03 16:33:11

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2023-39477

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| zdi-disclosures.trendmicro.com | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | |

| zdi-disclosures.trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ | |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

7.5

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS:

10.openEuler-24.03-LTS-Next:

修复是否涉及abi变化(是/否)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS:

10.openEuler-24.03-LTS-Next:

一、漏洞信息

漏洞编号：[CVE-2023-39477](https://nvd.nist.gov/vuln/detail/CVE-2023-39477)

漏洞归属组件：[ignition](https://gitee.com/src-openeuler/ignition)

漏洞归属的版本：2.14.0,2.15.0,2.16.2,2.9.0

CVSS V3.0分值：

BaseScore：7.5 High

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499.

漏洞公开时间：2024-05-03 11:15:13

漏洞创建时间：2024-05-03 16:33:11

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2023-39477

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| zdi-disclosures.trendmicro.com | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | |

| zdi-disclosures.trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ | |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

7.5

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS:

10.openEuler-24.03-LTS-Next:

修复是否涉及abi变化(是/否)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS:

10.openEuler-24.03-LTS-Next:

一、漏洞信息

漏洞编号：[CVE-2023-39477](https://nvd.nist.gov/vuln/detail/CVE-2023-39477)

漏洞归属组件：[ignition](https://gitee.com/src-openeuler/ignition)

漏洞归属的版本：2.14.0,2.15.0,2.16.2,2.9.0

CVSS V3.0分值：

BaseScore：7.5 High

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499.

漏洞公开时间：2024-05-03 11:15:13

漏洞创建时间：2024-05-03 16:33:11

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2023-39477

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| zdi-disclosures.trendmicro.com | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | |

| zdi-disclosures.trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ | |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

7.5

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS:

10.openEuler-24.03-LTS-Next:

修复是否涉及abi变化(是/否)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS:

10.openEuler-24.03-LTS-Next:

一、漏洞信息

漏洞编号：[CVE-2023-39477](https://nvd.nist.gov/vuln/detail/CVE-2023-39477)

漏洞归属组件：[ignition](https://gitee.com/src-openeuler/ignition)

漏洞归属的版本：2.14.0,2.15.0,2.16.2,2.9.0

CVSS V3.0分值：

BaseScore：7.5 High

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499.

漏洞公开时间：2024-05-03 11:15:13

漏洞创建时间：2024-05-03 16:33:11

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2023-39477

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| zdi-disclosures.trendmicro.com | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | |

| zdi-disclosures.trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ | |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

7.5

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS:

10.openEuler-24.03-LTS-Next:

修复是否涉及abi变化(是/否)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS:

10.openEuler-24.03-LTS-Next:

一、漏洞信息

漏洞编号：[CVE-2023-39477](https://nvd.nist.gov/vuln/detail/CVE-2023-39477)

漏洞归属组件：[ignition](https://gitee.com/src-openeuler/ignition)

漏洞归属的版本：2.14.0,2.15.0,2.16.2,2.9.0

CVSS V3.0分值：

BaseScore：7.5 High

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499.

漏洞公开时间：2024-05-03 11:15:13

漏洞创建时间：2024-05-03 16:33:11

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2023-39477

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| zdi-disclosures.trendmicro.com | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | |

| zdi-disclosures.trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ | |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

7.5

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS:

10.openEuler-24.03-LTS-Next:

修复是否涉及abi变化(是/否)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS:

10.openEuler-24.03-LTS-Next:

一、漏洞信息

漏洞编号：[CVE-2023-39477](https://nvd.nist.gov/vuln/detail/CVE-2023-39477)

漏洞归属组件：[ignition](https://gitee.com/src-openeuler/ignition)

漏洞归属的版本：2.14.0,2.15.0,2.16.2,2.9.0

CVSS V3.0分值：

BaseScore：7.5 High

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499.

漏洞公开时间：2024-05-03 11:15:13

漏洞创建时间：2024-05-03 16:33:11

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2023-39477

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| zdi-disclosures.trendmicro.com | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | |

| zdi-disclosures.trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ | |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

7.5

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS:

10.openEuler-24.03-LTS-Next:

修复是否涉及abi变化(是/否)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS:

10.openEuler-24.03-LTS-Next:

一、漏洞信息

漏洞编号：[CVE-2023-39477](https://nvd.nist.gov/vuln/detail/CVE-2023-39477)

漏洞归属组件：[ignition](https://gitee.com/src-openeuler/ignition)

漏洞归属的版本：2.14.0,2.15.0,2.16.2,2.9.0

CVSS V3.0分值：

BaseScore：7.5 High

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499.

漏洞公开时间：2024-05-03 11:15:13

漏洞创建时间：2024-05-03 16:33:11

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2023-39477

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| zdi-disclosures.trendmicro.com | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | |

| zdi-disclosures.trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ | |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

7.5

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS:

10.openEuler-24.03-LTS-Next:

修复是否涉及abi变化(是/否)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS:

10.openEuler-24.03-LTS-Next:

一、漏洞信息

漏洞编号：[CVE-2023-39477](https://nvd.nist.gov/vuln/detail/CVE-2023-39477)

漏洞归属组件：[ignition](https://gitee.com/src-openeuler/ignition)

漏洞归属的版本：2.14.0,2.15.0,2.16.2,2.9.0

CVSS V3.0分值：

BaseScore：7.5 High

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499.

漏洞公开时间：2024-05-03 11:15:13

漏洞创建时间：2024-05-03 16:33:11

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2023-39477

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| zdi-disclosures.trendmicro.com | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | |

| zdi-disclosures.trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ | |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

7.5

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS:

10.openEuler-24.03-LTS-Next:

修复是否涉及abi变化(是/否)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS:

10.openEuler-24.03-LTS-Next:

一、漏洞信息

漏洞编号：[CVE-2023-39477](https://nvd.nist.gov/vuln/detail/CVE-2023-39477)

漏洞归属组件：[ignition](https://gitee.com/src-openeuler/ignition)

漏洞归属的版本：2.14.0,2.15.0,2.16.2,2.9.0

CVSS V3.0分值：

BaseScore：7.5 High

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499.

漏洞公开时间：2024-05-03 11:15:13

漏洞创建时间：2024-05-03 16:33:11

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2023-39477

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| zdi-disclosures.trendmicro.com | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | |

| zdi-disclosures.trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ | |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

7.5

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS:

10.openEuler-24.03-LTS-Next:

修复是否涉及abi变化(是/否)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS:

10.openEuler-24.03-LTS-Next:

一、漏洞信息

漏洞编号：[CVE-2023-39477](https://nvd.nist.gov/vuln/detail/CVE-2023-39477)

漏洞归属组件：[ignition](https://gitee.com/src-openeuler/ignition)

漏洞归属的版本：2.14.0,2.15.0,2.16.2,2.9.0

CVSS V3.0分值：

BaseScore：7.5 High

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499.

漏洞公开时间：2024-05-03 11:15:13

漏洞创建时间：2024-05-03 16:33:11

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2023-39477

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| zdi-disclosures.trendmicro.com | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | |

| zdi-disclosures.trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ | |

一、漏洞信息

漏洞编号：[CVE-2023-39477](https://nvd.nist.gov/vuln/detail/CVE-2023-39477)

漏洞归属组件：[ignition](https://gitee.com/src-openeuler/ignition)

漏洞归属的版本：2.14.0,2.15.0,2.16.2,2.9.0

CVSS V3.0分值：

BaseScore：7.5 High

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499.

漏洞公开时间：2024-05-03 11:15:13

漏洞创建时间：2024-05-03 16:33:11

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2023-39477

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| zdi-disclosures.trendmicro.com | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | |

| zdi-disclosures.trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ | |

| debian | | https://security-tracker.debian.org/tracker/CVE-2023-39477 |

| ZeroDay | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

7.5

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS:

10.openEuler-24.03-LTS-Next:

修复是否涉及abi变化(是/否)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS:

10.openEuler-24.03-LTS-Next:

一、漏洞信息

漏洞编号：[CVE-2023-39477](https://nvd.nist.gov/vuln/detail/CVE-2023-39477)

漏洞归属组件：[ignition](https://gitee.com/src-openeuler/ignition)

漏洞归属的版本：2.14.0,2.15.0,2.16.2,2.9.0

CVSS V3.0分值：

BaseScore：7.5 High

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499.

漏洞公开时间：2024-05-03 11:15:13

漏洞创建时间：2024-05-03 16:33:11

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2023-39477

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| zdi-disclosures.trendmicro.com | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | |

| zdi-disclosures.trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ | |

| debian | | https://security-tracker.debian.org/tracker/CVE-2023-39477 |

| ZeroDay | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

7.5

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS:

10.openEuler-24.03-LTS-Next:

修复是否涉及abi变化(是/否)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS:

10.openEuler-24.03-LTS-Next:

一、漏洞信息

漏洞编号：[CVE-2023-39477](https://nvd.nist.gov/vuln/detail/CVE-2023-39477)

漏洞归属组件：[ignition](https://gitee.com/src-openeuler/ignition)

漏洞归属的版本：2.14.0,2.15.0,2.16.2,2.9.0

CVSS V3.0分值：

BaseScore：7.5 High

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499.

漏洞公开时间：2024-05-03 11:15:13

漏洞创建时间：2024-05-03 16:33:11

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2023-39477

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| zdi-disclosures.trendmicro.com | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | |

| zdi-disclosures.trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ | |

| debian | | https://security-tracker.debian.org/tracker/CVE-2023-39477 |

| ZeroDay | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

7.5

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS:

10.openEuler-24.03-LTS-Next:

修复是否涉及abi变化(是/否)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS:

10.openEuler-24.03-LTS-Next:

一、漏洞信息

漏洞编号：[CVE-2023-39477](https://nvd.nist.gov/vuln/detail/CVE-2023-39477)

漏洞归属组件：[ignition](https://gitee.com/src-openeuler/ignition)

漏洞归属的版本：2.14.0,2.15.0,2.16.2,2.9.0

CVSS V3.0分值：

BaseScore：7.5 High

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499.

漏洞公开时间：2024-05-03 11:15:13

漏洞创建时间：2024-05-03 16:33:11

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2023-39477

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| zdi-disclosures.trendmicro.com | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | |

| zdi-disclosures.trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ | |

| debian | | https://security-tracker.debian.org/tracker/CVE-2023-39477 |

| ZeroDay | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

7.5

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

修复是否涉及abi变化(是/否)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

一、漏洞信息

漏洞编号：[CVE-2023-39477](https://nvd.nist.gov/vuln/detail/CVE-2023-39477)

漏洞归属组件：[ignition](https://gitee.com/src-openeuler/ignition)

漏洞归属的版本：2.14.0,2.15.0,2.16.2,2.9.0

CVSS V3.0分值：

BaseScore：7.5 High

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499.

漏洞公开时间：2024-05-03 11:15:13

漏洞创建时间：2024-05-03 16:33:11

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2023-39477

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| zdi-disclosures.trendmicro.com | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | |

| zdi-disclosures.trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ | |

| debian | | https://security-tracker.debian.org/tracker/CVE-2023-39477 |

| ZeroDay | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

7.5

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

9.openEuler-24.03-LTS(2.18.0):

10.openEuler-24.03-LTS-Next(2.18.0):

修复是否涉及abi变化(是/否)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

9.openEuler-24.03-LTS(2.18.0):

10.openEuler-24.03-LTS-Next(2.18.0):

一、漏洞信息

漏洞编号：[CVE-2023-39477](https://nvd.nist.gov/vuln/detail/CVE-2023-39477)

漏洞归属组件：[ignition](https://gitee.com/src-openeuler/ignition)

漏洞归属的版本：2.14.0,2.15.0,2.16.2,2.9.0

CVSS V3.0分值：

BaseScore：7.5 High

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499.

漏洞公开时间：2024-05-03 11:15:13

漏洞创建时间：2024-05-03 16:33:11

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2023-39477

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| zdi-disclosures.trendmicro.com | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | |

| zdi-disclosures.trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ | |

| debian | | https://security-tracker.debian.org/tracker/CVE-2023-39477 |

| ZeroDay | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

7.5

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS(2.18.0):

10.openEuler-24.03-LTS-Next(2.18.0):

修复是否涉及abi变化(是/否)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS(2.18.0):

10.openEuler-24.03-LTS-Next(2.18.0):

一、漏洞信息

漏洞编号：[CVE-2023-39477](https://nvd.nist.gov/vuln/detail/CVE-2023-39477)

漏洞归属组件：[ignition](https://gitee.com/src-openeuler/ignition)

漏洞归属的版本：2.14.0,2.15.0,2.16.2,2.9.0

CVSS V3.0分值：

BaseScore：7.5 High

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499.

漏洞公开时间：2024-05-03 11:15:13

漏洞创建时间：2024-05-03 16:33:11

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2023-39477

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| zdi-disclosures.trendmicro.com | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | |

| zdi-disclosures.trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ | |

| debian | | https://security-tracker.debian.org/tracker/CVE-2023-39477 |

| ZeroDay | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

7.5

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS(2.18.0):

10.openEuler-24.03-LTS-Next(2.18.0):

修复是否涉及abi变化(是/否)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS(2.18.0):

10.openEuler-24.03-LTS-Next(2.18.0):

一、漏洞信息

漏洞编号：[CVE-2023-39477](https://nvd.nist.gov/vuln/detail/CVE-2023-39477)

漏洞归属组件：[ignition](https://gitee.com/src-openeuler/ignition)

漏洞归属的版本：2.14.0,2.15.0,2.16.2,2.9.0

CVSS V3.0分值：

BaseScore：7.5 High

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499.

漏洞公开时间：2024-05-03 11:15:13

漏洞创建时间：2024-05-03 16:33:11

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2023-39477

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| zdi-disclosures.trendmicro.com | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | |

| zdi-disclosures.trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ | |

| debian | | https://security-tracker.debian.org/tracker/CVE-2023-39477 |

| ZeroDay | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

7.5

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

9.openEuler-24.03-LTS(2.18.0):

10.openEuler-24.03-LTS-Next(2.18.0):

修复是否涉及abi变化(是/否)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

9.openEuler-24.03-LTS(2.18.0):

10.openEuler-24.03-LTS-Next(2.18.0):

一、漏洞信息

漏洞编号：[CVE-2023-39477](https://nvd.nist.gov/vuln/detail/CVE-2023-39477)

漏洞归属组件：[ignition](https://gitee.com/src-openeuler/ignition)

漏洞归属的版本：2.14.0,2.15.0,2.16.2,2.9.0

CVSS V3.0分值：

BaseScore：7.5 High

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499.

漏洞公开时间：2024-05-03 11:15:13

漏洞创建时间：2024-05-03 16:33:11

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2023-39477

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| zdi-disclosures.trendmicro.com | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | |

| zdi-disclosures.trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ | |

| debian | | https://security-tracker.debian.org/tracker/CVE-2023-39477 |

| ZeroDay | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

7.5

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

9.openEuler-24.03-LTS(2.18.0):

10.openEuler-24.03-LTS-Next(2.18.0):

修复是否涉及abi变化(是/否)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

9.openEuler-24.03-LTS(2.18.0):

10.openEuler-24.03-LTS-Next(2.18.0):

一、漏洞信息

漏洞编号：[CVE-2023-39477](https://nvd.nist.gov/vuln/detail/CVE-2023-39477)

漏洞归属组件：[ignition](https://gitee.com/src-openeuler/ignition)

漏洞归属的版本：2.14.0,2.15.0,2.16.2,2.9.0

CVSS V3.0分值：

BaseScore：7.5 High

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499.

漏洞公开时间：2024-05-03 11:15:13

漏洞创建时间：2024-05-03 16:33:11

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2023-39477

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| zdi-disclosures.trendmicro.com | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | |

| zdi-disclosures.trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ | |

| debian | | https://security-tracker.debian.org/tracker/CVE-2023-39477 |

| ZeroDay | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

7.5

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

9.openEuler-24.03-LTS(2.18.0):

10.openEuler-24.03-LTS-Next(2.18.0):

修复是否涉及abi变化(是/否)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

9.openEuler-24.03-LTS(2.18.0):

10.openEuler-24.03-LTS-Next(2.18.0):

一、漏洞信息

漏洞编号：[CVE-2023-39477](https://nvd.nist.gov/vuln/detail/CVE-2023-39477)

漏洞归属组件：[ignition](https://gitee.com/src-openeuler/ignition)

漏洞归属的版本：2.14.0,2.15.0,2.16.2,2.9.0

CVSS V3.0分值：

BaseScore：7.5 High

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499.

漏洞公开时间：2024-05-03 11:15:13

漏洞创建时间：2024-05-03 16:33:11

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2023-39477

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| zdi-disclosures.trendmicro.com | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | |

| zdi-disclosures.trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ | |

| debian | | https://security-tracker.debian.org/tracker/CVE-2023-39477 |

| ZeroDay | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

7.5

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

9.openEuler-24.03-LTS(2.18.0):

10.openEuler-24.03-LTS-Next(2.18.0):

修复是否涉及abi变化(是/否)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

9.openEuler-24.03-LTS(2.18.0):

10.openEuler-24.03-LTS-Next(2.18.0):

一、漏洞信息

漏洞编号：[CVE-2023-39477](https://nvd.nist.gov/vuln/detail/CVE-2023-39477)

漏洞归属组件：[ignition](https://gitee.com/src-openeuler/ignition)

漏洞归属的版本：2.14.0,2.15.0,2.16.2,2.9.0

CVSS V3.0分值：

BaseScore：7.5 High

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499.

漏洞公开时间：2024-05-03 11:15:13

漏洞创建时间：2024-05-03 16:33:11

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2023-39477

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| zdi-disclosures.trendmicro.com | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | |

| zdi-disclosures.trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ | |

| debian | | https://security-tracker.debian.org/tracker/CVE-2023-39477 |

| ZeroDay | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

7.5

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS(2.18.0):

10.openEuler-24.03-LTS-Next(2.18.0):

修复是否涉及abi变化(是/否)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS(2.18.0):

10.openEuler-24.03-LTS-Next(2.18.0):

一、漏洞信息

漏洞编号：[CVE-2023-39477](https://nvd.nist.gov/vuln/detail/CVE-2023-39477)

漏洞归属组件：[ignition](https://gitee.com/src-openeuler/ignition)

漏洞归属的版本：2.14.0,2.15.0,2.16.2,2.9.0

CVSS V3.0分值：

BaseScore：7.5 High

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499.

漏洞公开时间：2024-05-03 11:15:13

漏洞创建时间：2024-05-03 16:33:11

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2023-39477

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| zdi-disclosures.trendmicro.com | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | |

| zdi-disclosures.trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ | |

| debian | | https://security-tracker.debian.org/tracker/CVE-2023-39477 |

| ZeroDay | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

7.5

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS(2.18.0):

10.openEuler-24.03-LTS-Next(2.18.0):

修复是否涉及abi变化(是/否)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS(2.18.0):

10.openEuler-24.03-LTS-Next(2.18.0):

一、漏洞信息

漏洞编号：[CVE-2023-39477](https://nvd.nist.gov/vuln/detail/CVE-2023-39477)

漏洞归属组件：[ignition](https://gitee.com/src-openeuler/ignition)

漏洞归属的版本：2.14.0,2.15.0,2.16.2,2.9.0

CVSS V3.0分值：

BaseScore：7.5 High

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499.

漏洞公开时间：2024-05-03 11:15:13

漏洞创建时间：2024-05-03 16:33:11

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2023-39477

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| zdi-disclosures.trendmicro.com | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | |

| zdi-disclosures.trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ | |

| debian | | https://security-tracker.debian.org/tracker/CVE-2023-39477 |

| ZeroDay | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

7.5

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS(2.18.0):

10.openEuler-24.03-LTS-Next(2.18.0):

修复是否涉及abi变化(是/否)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS(2.18.0):

10.openEuler-24.03-LTS-Next(2.18.0):

一、漏洞信息

漏洞编号：[CVE-2023-39477](https://nvd.nist.gov/vuln/detail/CVE-2023-39477)

漏洞归属组件：[ignition](https://gitee.com/src-openeuler/ignition)

漏洞归属的版本：2.14.0,2.15.0,2.16.2,2.9.0

CVSS V3.0分值：

BaseScore：7.5 High

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499.

漏洞公开时间：2024-05-03 11:15:13

漏洞创建时间：2024-05-03 16:33:11

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2023-39477

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| zdi-disclosures.trendmicro.com | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | |

| zdi-disclosures.trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ | |

| debian | | https://security-tracker.debian.org/tracker/CVE-2023-39477 |

| ZeroDay | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

7.5

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS(2.18.0):

10.openEuler-24.03-LTS-Next(2.18.0):

修复是否涉及abi变化(是/否)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS(2.18.0):

10.openEuler-24.03-LTS-Next(2.18.0):

一、漏洞信息

漏洞编号：[CVE-2023-39477](https://nvd.nist.gov/vuln/detail/CVE-2023-39477)

漏洞归属组件：[ignition](https://gitee.com/src-openeuler/ignition)

漏洞归属的版本：2.14.0,2.15.0,2.16.2,2.9.0

CVSS V3.0分值：

BaseScore：7.5 High

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499.

漏洞公开时间：2024-05-03 11:15:13

漏洞创建时间：2024-05-03 16:33:11

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2023-39477

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| zdi-disclosures.trendmicro.com | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | |

| zdi-disclosures.trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ | |

| debian | | https://security-tracker.debian.org/tracker/CVE-2023-39477 |

| ZeroDay | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

7.5

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS(2.18.0):

10.openEuler-24.03-LTS-Next(2.18.0):

修复是否涉及abi变化(是/否)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS(2.18.0):

10.openEuler-24.03-LTS-Next(2.18.0):

一、漏洞信息

漏洞编号：[CVE-2023-39477](https://nvd.nist.gov/vuln/detail/CVE-2023-39477)

漏洞归属组件：[ignition](https://gitee.com/src-openeuler/ignition)

漏洞归属的版本：2.14.0,2.15.0,2.16.2,2.9.0

CVSS V3.0分值：

BaseScore：7.5 High

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499.

漏洞公开时间：2024-05-03 11:15:13

漏洞创建时间：2024-05-03 16:33:11

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2023-39477

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| zdi-disclosures.trendmicro.com | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | |

| zdi-disclosures.trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ | |

| debian | | https://security-tracker.debian.org/tracker/CVE-2023-39477 |

| ZeroDay | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

7.5

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS(2.18.0):

10.openEuler-24.03-LTS-Next(2.18.0):

修复是否涉及abi变化(是/否)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS(2.18.0):

10.openEuler-24.03-LTS-Next(2.18.0):

一、漏洞信息

漏洞编号：[CVE-2023-39477](https://nvd.nist.gov/vuln/detail/CVE-2023-39477)

漏洞归属组件：[ignition](https://gitee.com/src-openeuler/ignition)

漏洞归属的版本：2.14.0,2.15.0,2.16.2,2.9.0

CVSS V3.0分值：

BaseScore：7.5 High

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499.

漏洞公开时间：2024-05-03 11:15:13

漏洞创建时间：2024-05-03 16:33:11

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2023-39477

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| zdi-disclosures.trendmicro.com | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | |

| zdi-disclosures.trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ | |

| debian | | https://security-tracker.debian.org/tracker/CVE-2023-39477 |

| ZeroDay | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

7.5

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS(2.18.0):

10.openEuler-24.03-LTS-Next(2.18.0):

修复是否涉及abi变化(是/否)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS(2.18.0):

10.openEuler-24.03-LTS-Next(2.18.0):

一、漏洞信息

漏洞编号：[CVE-2023-39477](https://nvd.nist.gov/vuln/detail/CVE-2023-39477)

漏洞归属组件：[ignition](https://gitee.com/src-openeuler/ignition)

漏洞归属的版本：2.14.0,2.15.0,2.16.2,2.9.0

CVSS V3.0分值：

BaseScore：7.5 High

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499.

漏洞公开时间：2024-05-03 11:15:13

漏洞创建时间：2024-05-03 16:33:11

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2023-39477

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| zdi-disclosures.trendmicro.com | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | |

| zdi-disclosures.trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ | |

| debian | | https://security-tracker.debian.org/tracker/CVE-2023-39477 |

| ZeroDay | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

7.5

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS(2.18.0):

10.openEuler-24.03-LTS-Next(2.18.0):

修复是否涉及abi变化(是/否)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS(2.18.0):

10.openEuler-24.03-LTS-Next(2.18.0):

一、漏洞信息

漏洞编号：[CVE-2023-39477](https://nvd.nist.gov/vuln/detail/CVE-2023-39477)

漏洞归属组件：[ignition](https://gitee.com/src-openeuler/ignition)

漏洞归属的版本：2.14.0,2.15.0,2.16.2,2.9.0

CVSS V3.0分值：

BaseScore：7.5 High

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499.

漏洞公开时间：2024-05-03 11:15:13

漏洞创建时间：2024-05-03 16:33:11

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2023-39477

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| zdi-disclosures.trendmicro.com | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | |

| zdi-disclosures.trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ | |

| debian | | https://security-tracker.debian.org/tracker/CVE-2023-39477 |

| ZeroDay | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

7.5

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS(2.18.0):

10.openEuler-24.03-LTS-Next(2.18.0):

修复是否涉及abi变化(是/否)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS(2.18.0):

10.openEuler-24.03-LTS-Next(2.18.0):

一、漏洞信息

漏洞编号：[CVE-2023-39477](https://nvd.nist.gov/vuln/detail/CVE-2023-39477)

漏洞归属组件：[ignition](https://gitee.com/src-openeuler/ignition)

漏洞归属的版本：2.14.0,2.15.0,2.16.2,2.9.0

CVSS V3.0分值：

BaseScore：7.5 High

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499.

漏洞公开时间：2024-05-03 11:15:13

漏洞创建时间：2024-05-03 16:33:11

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2023-39477

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| zdi-disclosures.trendmicro.com | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | |

| zdi-disclosures.trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ | |

| debian | | https://security-tracker.debian.org/tracker/CVE-2023-39477 |

| ZeroDay | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

7.5

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS(2.18.0):

10.openEuler-24.03-LTS-Next(2.18.0):

修复是否涉及abi变化(是/否)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS(2.18.0):

10.openEuler-24.03-LTS-Next(2.18.0):

一、漏洞信息

漏洞编号：[CVE-2023-39477](https://nvd.nist.gov/vuln/detail/CVE-2023-39477)

漏洞归属组件：[ignition](https://gitee.com/src-openeuler/ignition)

漏洞归属的版本：2.14.0,2.15.0,2.16.2,2.9.0

CVSS V3.0分值：

BaseScore：7.5 High

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499.

漏洞公开时间：2024-05-03 11:15:13

漏洞创建时间：2024-05-03 16:33:11

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2023-39477

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| zdi-disclosures.trendmicro.com | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | |

| zdi-disclosures.trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ | |

| debian | | https://security-tracker.debian.org/tracker/CVE-2023-39477 |

| ZeroDay | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

7.5

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS(2.18.0):

10.openEuler-24.03-LTS-Next(2.18.0):

修复是否涉及abi变化(是/否)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS(2.18.0):

10.openEuler-24.03-LTS-Next(2.18.0):

一、漏洞信息

漏洞编号：[CVE-2023-39477](https://nvd.nist.gov/vuln/detail/CVE-2023-39477)

漏洞归属组件：[ignition](https://gitee.com/src-openeuler/ignition)

漏洞归属的版本：2.14.0,2.15.0,2.16.2,2.9.0

CVSS V3.0分值：

BaseScore：7.5 High

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499.

漏洞公开时间：2024-05-03 11:15:13

漏洞创建时间：2024-05-03 16:33:11

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2023-39477

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| zdi-disclosures.trendmicro.com | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | |

| zdi-disclosures.trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ | |

| debian | | https://security-tracker.debian.org/tracker/CVE-2023-39477 |

| ZeroDay | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

7.5

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS(2.18.0):

10.openEuler-24.03-LTS-Next(2.18.0):

修复是否涉及abi变化(是/否)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS(2.18.0):

10.openEuler-24.03-LTS-Next(2.18.0):

一、漏洞信息

漏洞编号：[CVE-2023-39477](https://nvd.nist.gov/vuln/detail/CVE-2023-39477)

漏洞归属组件：[ignition](https://gitee.com/src-openeuler/ignition)

漏洞归属的版本：2.14.0,2.15.0,2.16.2,2.9.0

CVSS V3.0分值：

BaseScore：7.5 High

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499.

漏洞公开时间：2024-05-03 11:15:13

漏洞创建时间：2024-05-03 16:33:11

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2023-39477

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| zdi-disclosures.trendmicro.com | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | |

| zdi-disclosures.trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ | |

| debian | | https://security-tracker.debian.org/tracker/CVE-2023-39477 |

| ZeroDay | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

7.5

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS(2.18.0):

10.openEuler-24.03-LTS-Next(2.18.0):

修复是否涉及abi变化(是/否)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS(2.18.0):

10.openEuler-24.03-LTS-Next(2.18.0):

一、漏洞信息

漏洞编号：[CVE-2023-39477](https://nvd.nist.gov/vuln/detail/CVE-2023-39477)

漏洞归属组件：[ignition](https://gitee.com/src-openeuler/ignition)

漏洞归属的版本：2.14.0,2.15.0,2.16.2,2.9.0

CVSS V3.0分值：

BaseScore：7.5 High

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499.

漏洞公开时间：2024-05-03 11:15:13

漏洞创建时间：2024-05-03 16:33:11

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2023-39477

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| zdi-disclosures.trendmicro.com | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | |

| zdi-disclosures.trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ | |

| debian | | https://security-tracker.debian.org/tracker/CVE-2023-39477 |

| ZeroDay | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

7.5

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS(2.18.0):

10.openEuler-24.03-LTS-Next(2.18.0):

修复是否涉及abi变化(是/否)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS(2.18.0):

10.openEuler-24.03-LTS-Next(2.18.0):

一、漏洞信息

漏洞编号：[CVE-2023-39477](https://nvd.nist.gov/vuln/detail/CVE-2023-39477)

漏洞归属组件：[ignition](https://gitee.com/src-openeuler/ignition)

漏洞归属的版本：2.14.0,2.15.0,2.16.2,2.9.0

CVSS V3.0分值：

BaseScore：7.5 High

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499.

漏洞公开时间：2024-05-03 11:15:13

漏洞创建时间：2024-05-03 16:33:11

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2023-39477

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| zdi-disclosures.trendmicro.com | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | |

| zdi-disclosures.trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ | |

| debian | | https://security-tracker.debian.org/tracker/CVE-2023-39477 |

| ZeroDay | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

7.5

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS(2.18.0):

10.openEuler-24.03-LTS-Next(2.18.0):

修复是否涉及abi变化(是/否)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS(2.18.0):

10.openEuler-24.03-LTS-Next(2.18.0):

一、漏洞信息

漏洞编号：[CVE-2023-39477](https://nvd.nist.gov/vuln/detail/CVE-2023-39477)

漏洞归属组件：[ignition](https://gitee.com/src-openeuler/ignition)

漏洞归属的版本：2.14.0,2.15.0,2.16.2,2.9.0

CVSS V3.0分值：

BaseScore：7.5 High

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

漏洞简述：

Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499.

漏洞公开时间：2024-05-03 11:15:13

漏洞创建时间：2024-05-03 16:33:11

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2023-39477

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| zdi-disclosures.trendmicro.com | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | |

| zdi-disclosures.trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ | |

| debian | | https://security-tracker.debian.org/tracker/CVE-2023-39477 |

| ZeroDay | https://inductiveautomation.com/downloads/releasenotes/8.1.33 | https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

7.5

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS(2.18.0):

10.openEuler-24.03-LTS-Next(2.18.0):

修复是否涉及abi变化(是/否)：

1.master(2.15.0):

2.openEuler-20.03-LTS-SP1:

3.openEuler-20.03-LTS-SP4:

4.openEuler-22.03-LTS(2.14.0):

5.openEuler-22.03-LTS-Next(2.14.0):

6.openEuler-22.03-LTS-SP1(2.14.0):

7.openEuler-22.03-LTS-SP2(2.14.0):

8.openEuler-22.03-LTS-SP3(2.14.0):

9.openEuler-24.03-LTS(2.18.0):

10.openEuler-24.03-LTS-Next(2.18.0):