Lucene search

[email protected]CVE-2021-40873

HistoryNov 10, 2021 - 11:15 p.m.

CVE-2021-40873

2021-11-1023:15:08

CWE-415

[email protected]

web.nvd.nist.gov

cve-2021-40873

softing industrial automation

opc ua

c++

sdk

uatoolkit embedded

denial of service

remote attackers

crafted messages

server process crash

double free

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

54.9%

JSON

An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66, and uaToolkit Embedded before 1.40. Remote attackers to cause a denial of service (DoS) by sending crafted messages to a client or server. The server process may crash unexpectedly because of a double free, and must be restarted.

Affected configurations

NVD

Node

softingdatafeed_opc_suiteRange<5.18

softingedgeconnectorRange≤2.31

softingopcRange<5.66

softingsecure_integration_serverRange≤1.22

softingth_scopeRange3.5≥

softinguagatesRange<1.73

softinguatoolkit_embeddedRange<1.40

CPENameOperatorVersion
softing:datafeed_opc_suitesofting datafeed opc suitelt5.18
softing:edgeconnectorsofting edgeconnectorle2.31
softing:opcsofting opclt5.66
softing:secure_integration_serversofting secure integration serverle1.22
softing:th_scopesofting th scopeeq*
softing:uagatessofting uagateslt1.73
softing:uatoolkit_embeddedsofting uatoolkit embeddedlt1.40

CPE	Name	Operator	Version
softing:datafeed_opc_suite	softing datafeed opc suite	lt	5.18
softing:edgeconnector	softing edgeconnector	le	2.31
softing:opc	softing opc	lt	5.66
softing:secure_integration_server	softing secure integration server	le	1.22
softing:th_scope	softing th scope	eq	*
softing:uagates	softing uagates	lt	1.73
softing:uatoolkit_embedded	softing uatoolkit embedded	lt	1.40

References

industrial.softing.com/

industrial.softing.com/fileadmin/sof-files/pdf/ia/support/Security_Bulletin_CVE-2021-40873.pdf

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

54.9%

JSON

Related for CVE-2021-40873

prion1 nvd1 cvelist1