An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66, and uaToolkit Embedded before 1.40. Remote attackers to cause a denial of service (DoS) by sending crafted messages to a client or server. The server process may crash unexpectedly because of a double free, and must be restarted.
References
Link | Resource |
---|---|
https://industrial.softing.com/ | Vendor Advisory |
https://industrial.softing.com/fileadmin/sof-files/pdf/ia/support/Security_Bulletin_CVE-2021-40873.pdf | Vendor Advisory |
https://industrial.softing.com/ | Vendor Advisory |
https://industrial.softing.com/fileadmin/sof-files/pdf/ia/support/Security_Bulletin_CVE-2021-40873.pdf | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 06:24
Type | Values Removed | Values Added |
---|---|---|
References | () https://industrial.softing.com/ - Vendor Advisory | |
References | () https://industrial.softing.com/fileadmin/sof-files/pdf/ia/support/Security_Bulletin_CVE-2021-40873.pdf - Vendor Advisory |
16 Nov 2021, 14:57
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:softing:edgeconnector:*:*:*:*:*:*:*:* cpe:2.3:a:softing:datafeed_opc_suite:*:*:*:*:*:*:*:* cpe:2.3:a:softing:opc:*:*:*:*:*:*:*:* cpe:2.3:a:softing:th_scope:*:*:*:*:*:*:*:* cpe:2.3:a:softing:uagates:*:*:*:*:*:*:*:* cpe:2.3:a:softing:secure_integration_server:*:*:*:*:*:*:*:* cpe:2.3:a:softing:uatoolkit_embedded:*:*:*:*:*:*:*:* |
|
CWE | CWE-415 | |
References | (MISC) https://industrial.softing.com/ - Vendor Advisory | |
References | (MISC) https://industrial.softing.com/fileadmin/sof-files/pdf/ia/support/Security_Bulletin_CVE-2021-40873.pdf - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
11 Nov 2021, 01:53
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-11-10 23:15
Updated : 2024-11-21 06:24
NVD link : CVE-2021-40873
Mitre link : CVE-2021-40873
CVE.ORG link : CVE-2021-40873
JSON object : View
Products Affected
softing
- datafeed_opc_suite
- uagates
- th_scope
- edgeconnector
- uatoolkit_embedded
- opc
- secure_integration_server
CWE
CWE-415
Double Free