CVE-2021-40873
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66, and uaToolkit Embedded before 1.40. Remote attackers to cause a denial of service (DoS) by sending crafted messages to a client or server. The server process may crash unexpectedly because of a double free, and must be restarted.
Se ha detectado un problema en Softing Industrial Automation OPC UA C++ SDK versiones anteriores a 5.66, y en uaToolkit Embedded versiones anteriores a 1.40. Unos atacantes remotos pueden causar una denegación de servicio (DoS) mediante el envío de mensajes diseñados a un cliente o servidor. El proceso del servidor puede bloquearse inesperadamente debido a una doble liberación, y debe ser reiniciado
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-09-13 CVE Reserved
- 2021-11-10 CVE Published
- 2024-07-26 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-415: Double Free
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://industrial.softing.com | 2021-11-16 | |
| https://industrial.softing.com/fileadmin/sof-files/pdf/ia/support/Security_Bulletin_CVE-2021-40873.pdf | 2021-11-16 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Softing Search vendor "Softing" | Datafeed Opc Suite Search vendor "Softing" for product "Datafeed Opc Suite" | < 5.18 Search vendor "Softing" for product "Datafeed Opc Suite" and version " < 5.18" | - |
Affected
| ||||||
| Softing Search vendor "Softing" | Edgeconnector Search vendor "Softing" for product "Edgeconnector" | <= 2.31 Search vendor "Softing" for product "Edgeconnector" and version " <= 2.31" | - |
Affected
| ||||||
| Softing Search vendor "Softing" | Opc Search vendor "Softing" for product "Opc" | < 5.66 Search vendor "Softing" for product "Opc" and version " < 5.66" | - |
Affected
| ||||||
| Softing Search vendor "Softing" | Secure Integration Server Search vendor "Softing" for product "Secure Integration Server" | <= 1.22 Search vendor "Softing" for product "Secure Integration Server" and version " <= 1.22" | - |
Affected
| ||||||
| Softing Search vendor "Softing" | Th Scope Search vendor "Softing" for product "Th Scope" | >= 3.5 Search vendor "Softing" for product "Th Scope" and version " >= 3.5" | - |
Affected
| ||||||
| Softing Search vendor "Softing" | Uagates Search vendor "Softing" for product "Uagates" | < 1.73 Search vendor "Softing" for product "Uagates" and version " < 1.73" | - |
Affected
| ||||||
| Softing Search vendor "Softing" | Uatoolkit Embedded Search vendor "Softing" for product "Uatoolkit Embedded" | < 1.40 Search vendor "Softing" for product "Uatoolkit Embedded" and version " < 1.40" | - |
Affected
| ||||||