PT-2021-22996 · Softing Industrial Automation · Uatoolkit Embedded

Published: 2021-11-10 · Updated: 2021-11-16 · CVE-2021-40872

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Softing Industrial Automation uaToolkit Embedded versions prior to 1.40

Description: An issue allows remote attackers to cause a denial of service (DoS) or log in as an anonymous user by sending crafted messages to an OPC/UA server. The server process may crash unexpectedly due to an invalid type cast and must be restarted.

Recommendations: For versions prior to 1.40, update to version 1.40 or later to resolve the issue. As a temporary workaround, consider implementing additional security checks to prevent anonymous login and restricting access to the OPC/UA server to minimize the risk of exploitation.

Fix

Type Confusion

Weakness Enumeration

Related Identifiers

CVE-2021-40872

Affected Products

Uatoolkit Embedded