In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory Location After the End of a Buffer.
References
Link | Resource |
---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-321292.pdf | Patch Third Party Advisory |
https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2021-40142.pdf | Patch Vendor Advisory |
https://opcfoundation.org/security-bulletins/ | Vendor Advisory |
History
03 Sep 2022, 03:54
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-321292.pdf - Patch, Third Party Advisory | |
First Time | Siemens simatic Wincc Runtime, Siemens simatic Net Pc, Siemens simatic Wincc, Siemens simatic Process Historian Opc Ua Server, Siemens simatic Process Historian Opc Ua Server Firmware, Siemens, Siemens simatic Wincc Unified Scada Runtime, Siemens telecontrol Server Basic | |
CPE | cpe:2.3:o:siemens:simatic_process_historian_opc_ua_server_firmware:2022:-:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_net_pc:15:-:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_net_pc:14:-:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_process_historian_opc_ua_server_firmware:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:telecontrol_server_basic:3.0:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_process_historian_opc_ua_server:-:*:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_wincc:-:*:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_net_pc:16:-:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_net_pc:17:-:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_wincc_runtime:-:*:*:*:professional:*:*:* cpe:2.3:a:siemens:simatic_wincc_unified_scada_runtime:-:*:*:*:*:*:*:* |
10 May 2022, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Sep 2021, 01:15
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:opcfoundation:local_discover_server:*:*:*:*:*:*:*:* | |
CVSS | v2 : v3 : | v2 : 5.0, v3 : 7.5 |
CWE | CWE-119 | |
References | (MISC) https://opcfoundation.org/security-bulletins/ - Vendor Advisory | |
References | (MISC) https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2021-40142.pdf - Patch, Vendor Advisory |
27 Aug 2021, 07:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-08-27 07:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-40142
Mitre link : CVE-2021-40142
CVE.ORG link : CVE-2021-40142
Products Affected
siemens
- telecontrol_server_basic
- simatic_net_pc
- simatic_process_historian_opc_ua_server
- simatic_process_historian_opc_ua_server_firmware
- simatic_wincc
- simatic_wincc_unified_scada_runtime
- simatic_wincc_runtime
opcfoundation
- local_discover_server
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer