Design/Logic Flaw

2021-11-1023:15:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.9%

JSON

An issue was discovered in Softing Industrial Automation uaToolkit Embedded before 1.40. Remote attackers to cause a denial of service (DoS) or login as an anonymous user (bypassing security checks) by sending crafted messages to a OPC/UA server. The server process may crash unexpectedly because of an invalid type cast, and must be restarted.

CPENameOperatorVersion
smartlink_hw-dple1.10
uatoolkit_embeddedlt1.40

CPE	Name	Operator	Version
	smartlink_hw-dp	le	1.10
	uatoolkit_embedded	lt	1.40

References

industrial.softing.com/

industrial.softing.com/fileadmin/sof-files/pdf/ia/support/Security_Bulletin_CVE-2021-40872.pdf