CVE-2021-45117

Published: Mar 21, 2022Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

The OPC autogenerated ANSI C stack stubs (in the NodeSets) do not handle all error cases. This can lead to a NULL pointer dereference.

Affected (7)

Products: Opcfoundation: Ua Nodeset · Siemens: Simatic Net Pc, Sitop Manager, Telecontrol Server Basic

1 product

3 products

Telecontrol Server Basic

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Opcfoundation Ua Nodeset	Before 1.05.01

Configuration B

6 vulnerable

Vulnerable Software	Affected Versions
Siemens Simatic Net Pc	Version 14
Siemens Simatic Net Pc	Version 15
Siemens Simatic Net Pc	Version 16
Siemens Simatic Net Pc	Version 17
Siemens Sitop Manager	All versions
Siemens Telecontrol Server Basic	Version 3.0

Related CWEs

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (6)

https://cert-portal.siemens.com/productcert/pdf/ssa-285795.pdf

Source: cve@mitre.org

PatchThird Party Advisory

https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2021-45117.pdf

Source: cve@mitre.org

PatchVendor Advisory

https://www.youtube.com/watch?v=qv-RBdCaV4k

Source: cve@mitre.org

ExploitThird Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-285795.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2021-45117.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://www.youtube.com/watch?v=qv-RBdCaV4k

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.