CVE-2021-38447
Published: 2022-05-05
Priority: P3 · 41 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 2.11% (79.4th percentile)
OCI OpenDDS versions prior to 3.18.1 are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic, which may result in a denial-of-service condition.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| objectcomputing | opendds | < 3.18.1 | 3.18.1 |
| oci | opendds | >= unspecified < 3.18.1 | 3.18.1 |
CVSS provenance
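| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |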
CISA ICS
Multiple Data Distribution Service (DDS) Implementations (Update A)
cisa_ics·2021-11-11
ICS Advisory
Last Revised: February 01, 2022
Alert Code: ICSA-21-315-02
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.6
- ATTENTION: Exploitable remotely/low attack complexity
- Vendors: Eclipse, eProsima, GurumNetworks, Object Computing, Inc. (OCI), Real-Time Innovations (RTI), TwinOaks Computing
- Equipment: CycloneDDS, FastDDS, GurumDDS, OpenDDS, Connext DDS Professional, Connext DDS Secure, Connext DDS Micro, CoreDX DDS
- Vulnerabilities: Write-what-where Condition, Improper Handling of Syntactically Invalid Structure, Network Amp
GHSA
GHSA-w75x-f9jm-qxx4: OCI OpenDDS versions prior to 3
ghsa_unreviewed·2022-05-06
CVE-2021-38447 [HIGH] CWE-405 GHSA-w75x-f9jm-qxx4: OCI OpenDDS versions prior to 3
OCI OpenDDS versions prior to 3.18.1 are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic, which may result in a denial-of-service condition.
No detection rules found.
No public exploits indexed.
Trendmicro
Data Distribution Service: Mitigating Risks Part 3
blogs_trendmicro·2022-07-11·CVSS 7.0
[HIGH] Data Distribution Service: Mitigating Risks Part 3
Privacy & Risks
# Data Distribution Service: Mitigating Risks Part 3
In the final chapter of our blog series, we discuss mitigating strategies and recommendations to keep DDS protected from malicious actors.
By: Trend Micro
Jul 11, 2022
In part two, we thoroughly discussed both known and newly discovered vulnerabilities affecting DDS. Thirteen vulnerabilities discovered by our team were given new CVE IDs in November 2021 from the six most common DDS implementations, plus one vulnerability in the standard specifications.
For the final part, let’s explore an attack scenario that showcases what would happen if DDS is compromised, along with several mitigation strategies and recommendations that enterprises can use to ensure their systems are well protected.
Attack s
Trendmicro
Data Distribution Service: Not Always Secure
blogs_trendmicro·2022-05-11
Data Distribution Service: Not Always Secure
Exploits & Vulnerabilities
## Data Distribution Service: Not Always Secure
The Data Distribution Service (DDS) protocol has been in use for more than a decade, yet it is unknown even to many industry experts. We examined this important middleware for vulnerabilities and, unfortunately, found some.
By: Trend Micro, May 11, 2022
Original post by Federico Maggi, Rainer Vosseler (Trend Micro Research), Mars Cheng, Patrick Kuo, Chizuru Toyama, Ta-Lun Yen (TXOne Networks), Erik Boasson (ADLINK), Victor Mayoral Vilches (Alias Robotics)
The Data Distribution Service (DDS) protocol has been in use for more than a decade, yet it is unknown even to many industry experts. The middleware technology is for the operation of Milli
Trendmicro
Critically Underrated: Studying the Data Distribution Service (DDS) Protocol
blogs_trendmicro·2022-04-19
Critically Underrated: Studying the Data Distribution Service (DDS) Protocol
Exploits & Vulnerabilities
## Critically Underrated: Studying the Data Distribution Service (DDS) Protocol
Researchers from Trend Micro Research, TXOne, ADLINK, Alias Robotics, and ZDI looked into the Data Distribution Service (DDS) standard and its implementations from a security angle. The full findings of this research will be presented at the S4X22 Conference in April 2022.
By: Trend Micro, Apr 19, 2022
By Federico Maggi, Rainer Vosseler (Trend Micro Research), Mars Cheng, Patrick Kuo, Chizuru Toyama, Ta-Lun Yen (TXOne Networks), Erik Boasson (ADLINK), and Victor Mayoral Vilches (Alias Robotics)
Despite being unknown even to industry practitioners, the Data Distribution Service (DDS) protocol has been in use for more than a decade. This middleware