CVE-2021-27434

🗓️ 20 May 2021 13:42:54Reported by icscertType

Products with Unified Automation .NET based OPC UA Client/Server SDK Bundle: Versions V3.0.7 and prior are vulnerable to uncontrolled recursion, leading to a potential stack overflo

Reporter	Title	Published	Views	Family All 11
BDU FSTEC	The vulnerability of the OPC UA Client/Server SDK Bundle for client-server applications in Unified Automation .NET allows a perpetrator to disclose protected information.	12 Apr 202200:00	–	bdu_fstec
CNNVD	Siemens SIMATIC OPC UA 信息泄露漏洞	13 May 202100:00	–	cnnvd
CNVD	Siemens SIMATIC OPC UA Information Disclosure Vulnerability	14 May 202100:00	–	cnvd
CVE	CVE-2021-27434	20 May 202113:42	–	cve
EUVD	EUVD-2021-14188	7 Oct 202500:30	–	euvd
ICS	OPC UA Products Built with the .NET Framework 4.5, 4.0, and 3.5	13 May 202100:00	–	ics
NVD	CVE-2021-27434	20 May 202114:15	–	nvd
OSV	CVE-2021-27434	20 May 202114:15	–	osv
Prion	Stack overflow	20 May 202114:15	–	prion
Positive Technologies	PT-2021-6748 · Unified Automation · Unified Automation .Net Based Opc Ua Client/Server Sdk Bundle	19 Feb 202100:00	–	ptsecurity

[
  {
    "product": "OPC UA Products Built with the .NET Framework 4.5, 4.0, and 3.5",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Unified Automation .NET based OPC UA Client/Server SDK Bundle: Versions V3.0.7 and prior (.NET 4.5, 4.0, and 3.5 Framework versions only)"
      }
    ]
  }
]

Source	Link
us-cert	www.us-cert.cisa.gov/ics/advisories/icsa-21-133-04

20 May 2021 13:42Current

7.6High risk

Vulners AI Score7.6

EPSS0.01741

CWE-200