CVE-2021-38487
Published 2022-05-05
Priority: P354 | Severity: critical | CVSS 3.1: 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)
EPSS: 3.33% (87.1th percentile)
RTI Connext Professional versions 4.1 to 6.1.0, and Connext Micro versions 2.4 and later are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic. This may result in a denial-of-service condition and information exposure.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rti | connext_dds_micro | >= 2.4 | — |
| rti | connext_micro | >= 2.4.0 < 2.4.* | 2.4.* |
| rti | connext_micro | >= 3.0.0 < 3.0.* | 3.0.* |
| rti | connext_micro | >= 4.0.0 < 4.0.* | 4.0.* |
| rti | connext_professional | >= 4.1 < 6.1.0 | 6.1.0 |
| rti | connext_professional | >= 4.2 < 6.1.0 | 6.1.0 |
| rti | connext_secure | >= 4.2 < 6.1.0 | 6.1.0 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
| nvd | v4.0 | 8.8 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | v2.0 | 6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:P |
CISA ICS
Multiple Data Distribution Service (DDS) Implementations (Update A)
cisa_ics·2021-11-11
ICS Advisory
## Multiple Data Distribution Service (DDS) Implementations (Update A)
Last Revised: February 01, 2022
Alert Code: ICSA-21-315-02
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.6
- ATTENTION: Exploitable remotely/low attack complexity
- Vendors: Eclipse, eProsima, GurumNetworks, Object Computing, Inc. (OCI), Real-Time Innovations (RTI), TwinOaks Computing
- Equipment: CycloneDDS, FastDDS, GurumDDS, OpenDDS, Connext DDS Professional, Connext DDS Secure, Connext DDS Micro, CoreDX DDS
- Vulnerabilities: Write-what-where Condition, Improper Handling of Syntactically Invalid Structure, Network Amp
GHSA
GHSA-vhvr-hgg7-6xqj: RTI Connext DDS Professional, Connext DDS Secure versions 4
ghsa_unreviewed·2022-05-06
CVE-2021-38487 [CRITICAL] CWE-406 GHSA-vhvr-hgg7-6xqj: RTI Connext DDS Professional, Connext DDS Secure versions 4
RTI Connext DDS Professional, Connext DDS Secure versions 4.2x to 6.1.0, and Connext DDS Micro versions 2.4 and later are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic. This may result in a denial-of-service condition and information exposure.
No detection rules found.
No public exploits indexed.
Trendmicro
Data Distribution Service: Not Always Secure
blogs_trendmicro·2022-05-11
Exploits & Vulnerabilities
## Data Distribution Service: Not Always Secure
The Data Distribution Service (DDS) protocol has been in use for more than a decade, yet it is unknown even to many industry experts. We examined this important middleware for flaws and, unfortunately, found some.
By: Trend Micro, May 11, 2022
Original post by Federico Maggi, Rainer Vosseler (Trend Micro Research), Mars Cheng, Patrick Kuo, Chizuru Toyama, Ta-Lun Yen (TXOne Networks), Erik Boasson (ADLINK), Victor Mayoral Vilches (Alias Robotics)
The Data Distribution Service (DDS) protocol has been in use for more than a decade, yet it is unknown even to many industry experts. The middleware technology is for the operation of Milli
Trendmicro
Critically Underrated: Studying the Data Distribution Service (DDS) Protocol
blogs_trendmicro·2022-04-19
Exploits & Vulnerabilities
## Critically Underrated: Studying the Data Distribution Service (DDS) Protocol
Researchers from Trend Micro Research, TXOne, ADLINK, Alias Robotics, and ZDI looked into the Data Distribution Service (DDS) standard and its implementations from a security angle. The full findings of this research will be presented in the S4X22 Conference in April 2022.
By: Trend Micro, Apr 19, 2022
By Federico Maggi, Rainer Vosseler (Trend Micro Research), Mars Cheng, Patrick Kuo, Chizuru Toyama, Ta-Lun Yen (TXOne Networks), Erik Boasson (ADLINK), and Victor Mayoral Vilches (Alias Robotics)
Despite being unknown even to industry practitioners, the Data Distribution Service (DDS) protocol has been in use for more than a decade. This middleware
Trendmicro
DDS: Ubiquitous, Overlooked and Dangerous
blogs_trendmicro·2022-01-27
ICS OT
## Defending the Supply Chain: Why the DDS Protocol is Critical in Industrial and Software Systems
In 2021, a team of researchers from Trend Micro Research, TXOne, ADLINK, Alias Robotics, and ZDI looked into the Data Distribution Service (DDS) standard and its implementations from a security angle. The full findings of this research will be presented in the S4X22 Conference in April 2022.
By: Federico Maggi, Erik Boasson, Mars Cheng, Patrick Kuo, Chizuru Toyama, Víctor Mayoral Vilches, Rainer Vosseler, Ta-Lun Yen, Jan 27, 2022
Original article by Federico Maggi, Erik Boasson, Mars Cheng, Patrick Kuo, Chizuru Toyama, Víctor Mayoral Vilches, Rainer Vosseler, Ta-Lun Yen, Threat Researchers
The Data Distribution Service (DDS) standard is the most
Trendmicro
Defending the Supply Chain: Why the DDS Protocol is Critical in Industrial and Software Systems
blogs_trendmicro·2022-01-27
ICS OT
# Defending the Supply Chain: Why the DDS Protocol is Critical in Industrial and Software Systems
In 2021, a team of researchers from Trend Micro Research, TXOne, ADLINK, Alias Robotics, and ZDI looked into the Data Distribution Service (DDS) standard and its implementations from a security angle. The full findings of this research will be presented in the S4X22 Conference in April 2022.
By: Trend Micro, Jan 27, 2022
By Federico Maggi, Erik Boasson, Mars Cheng, Patrick Kuo, Chizuru Toyama, Víctor Mayoral Vilches, Rainer Vosseler, and Ta-Lun Yen
If there existed a prize for the most pervasive, critical, and least-known middleware technology, the Data Distribution Service (DDS) standard would certainly win it. When we first presented the results