CVE-2021-40871
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66. Remote attackers to cause a denial of service (DoS) by sending crafted messages to a OPC/UA client. The client process may crash unexpectedly because of a wrong type cast, and must be restarted.
Se ha detectado un problema en Softing Industrial Automation OPC UA C++ SDK versiones anteriores a 5.66. Unos atacantes remotos pueden causar una denegación de servicio (DoS) mediante el envío de mensajes diseñados a un cliente OPC/UA. El proceso del cliente puede bloquearse inesperadamente debido a un reparto de tipos erróneo, y debe reiniciarse
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-09-13 CVE Reserved
- 2021-11-10 CVE Published
- 2024-07-26 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://industrial.softing.com | 2021-11-16 | |
| https://industrial.softing.com/fileadmin/sof-files/pdf/ia/support/Security_Bulletin-CVE-2021-40871.pdf | 2021-11-16 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Softing Search vendor "Softing" | Datafeed Opc Suite Search vendor "Softing" for product "Datafeed Opc Suite" | < 5.18 Search vendor "Softing" for product "Datafeed Opc Suite" and version " < 5.18" | - |
Affected
| ||||||
| Softing Search vendor "Softing" | Opc Search vendor "Softing" for product "Opc" | < 5.66 Search vendor "Softing" for product "Opc" and version " < 5.66" | - |
Affected
| ||||||
| Softing Search vendor "Softing" | Secure Integration Server Search vendor "Softing" for product "Secure Integration Server" | <= 1.22 Search vendor "Softing" for product "Secure Integration Server" and version " <= 1.22" | - |
Affected
| ||||||
| Softing Search vendor "Softing" | Th Scope Search vendor "Softing" for product "Th Scope" | >= 3.5 Search vendor "Softing" for product "Th Scope" and version " >= 3.5" | - |
Affected
| ||||||