CVE-2021-40872

Published: Nov 10, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An issue was discovered in Softing Industrial Automation uaToolkit Embedded before 1.40. Remote attackers to cause a denial of service (DoS) or login as an anonymous user (bypassing security checks) by sending crafted messages to a OPC/UA server. The server process may crash unexpectedly because of an invalid type cast, and must be restarted.

Affected (2)

Products: Softing: Smartlink Hw Dp, Uatoolkit Embedded

2 products

Smartlink Hw Dp

Uatoolkit Embedded

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Softing Smartlink Hw Dp	Up to 1.10
Softing Uatoolkit Embedded	Before 1.40

Related CWEs

Access of Resource Using Incompatible Type ('Type Confusion')

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

References (4)

https://industrial.softing.com/

Source: cve@mitre.org

Vendor Advisory

https://industrial.softing.com/fileadmin/sof-files/pdf/ia/support/Security_Bulletin_CVE-2021-40872.pdf

Source: cve@mitre.org

Vendor Advisory

https://industrial.softing.com/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://industrial.softing.com/fileadmin/sof-files/pdf/ia/support/Security_Bulletin_CVE-2021-40872.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.