CVE-2021-32994

Softing OPC UA C++ SDK (Software Development Kit) versions from 5.59 to 5.64 exported library functions don't properly validate received extension objects, which may allow an attacker to crash the software by sending a variety of specially crafted packets to access several unexpected memory locations.
References
Link Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-21-168-02 Third Party Advisory US Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-21-168-02 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

cpe:2.3:a:softing:opc_ua_c\+\+_software_development_kit:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:08

Type Values Removed Values Added
References () https://www.cisa.gov/uscert/ics/advisories/icsa-21-168-02 - Third Party Advisory, US Government Resource () https://www.cisa.gov/uscert/ics/advisories/icsa-21-168-02 - Third Party Advisory, US Government Resource

13 Apr 2022, 13:25

Type Values Removed Values Added
CPE cpe:2.3:a:softing:opc_ua_c\+\+_software_development_kit:*:*:*:*:*:*:*:*
References (CONFIRM) https://www.cisa.gov/uscert/ics/advisories/icsa-21-168-02 - (CONFIRM) https://www.cisa.gov/uscert/ics/advisories/icsa-21-168-02 - Third Party Advisory, US Government Resource
CVSS v2 : unknown
v3 : unknown
v2 : 5.0
v3 : 7.5
CWE CWE-119

04 Apr 2022, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-04-04 20:15

Updated : 2024-11-21 06:08


NVD link : CVE-2021-32994

Mitre link : CVE-2021-32994

CVE.ORG link : CVE-2021-32994


JSON object : View

Products Affected

softing

  • opc_ua_c\+\+_software_development_kit
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer