PT-2024-20726 · Softing · Softing Uatoolkit Embedded
Published: 2024-04-02 · Updated: 2024-04-03 · CVE-2024-25075
CVSS v3.1: 5.1 (Medium)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Softing uaToolkit Embedded versions prior to 1.41.1
Description
An issue was discovered in Softing uaToolkit Embedded. When a subscription with a very low MaxNotificationPerPublish parameter is created, a publish response is mishandled, leading to memory consumption. When that happens often enough, the device runs out of memory, resulting in a denial of service.
Recommendations
For versions prior to 1.41.1, update to version 1.41.1 or later to resolve the issue. As a temporary workaround, consider restricting the creation of subscriptions with very low MaxNotificationPerPublish parameters to minimize the risk of exploitation.
Affected Products
Softing Uatoolkit Embedded