PT-2021-22997 · Softing · Softing Industrial Automation OPC UA C++ SDK
Published 2021-11-10 · Updated 2021-11-16
CVE-2021-40873
CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Softing Industrial Automation OPC UA C++ SDK versions prior to 5.66
uaToolkit Embedded versions prior to 1.40
Description
An issue was discovered that allows remote attackers to cause a denial of service (DoS) by sending crafted messages to a client or server. The server process may crash unexpectedly because of a double free, and must be restarted.
Recommendations
For Softing Industrial Automation OPC UA C++ SDK versions prior to 5.66, update to version 5.66 or later to resolve the issue.
For uaToolkit Embedded versions prior to 1.40, update to version 1.40 or later to resolve the issue.
As a temporary workaround, consider implementing measures to restrict or filter incoming messages to prevent crafted messages from reaching the server.
Fix
Double Free
Affected Products
Softing Industrial Automation OPC UA C++ SDK