CVE-2021-40872

Опубликовано: 10 нояб. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

An issue was discovered in Softing Industrial Automation uaToolkit Embedded before 1.40. Remote attackers to cause a denial of service (DoS) or login as an anonymous user (bypassing security checks) by sending crafted messages to a OPC/UA server. The server process may crash unexpectedly because of an invalid type cast, and must be restarted.

Ссылки

https://industrial.softing.com/
Vendor Advisory
https://industrial.softing.com/fileadmin/sof-files/pdf/ia/support/Security_Bulletin_CVE-2021-40872.pdf
Vendor Advisory
https://industrial.softing.com/
Vendor Advisory
https://industrial.softing.com/fileadmin/sof-files/pdf/ia/support/Security_Bulletin_CVE-2021-40872.pdf
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:softing:smartlink_hw-dp:*:*:*:*:*:*:*:*

Версия до 1.10 (включая)

cpe:2.3:a:softing:uatoolkit_embedded:*:*:*:*:*:*:*:*

Версия до 1.40 (исключая)

EPSS

Процентиль: 71%

0.00665

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-843

Связанные уязвимости

GHSA-hp52-5qr2-jq2v

github

больше 3 лет назад