CVE-2021-40142

CWE-119 — Buffer Overflow3 documents3 sources

Severity

7.5HIGH

EPSS

0.5%

top 34.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Opcfoundation Local Discover Server Siemens Simatic Process Historian OPC UA Server Firmware Siemens Simatic NET PC +1 more

Timeline

PublishedAug 27

Latest updateMay 24

Description

In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory Location After the End of a Buffer.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶NVDopcfoundation/local_discover_server< 1.04.402.463

▶NVDsiemens/simatic_process_historian_opc_ua< 2022+1

▶NVDsiemens/telecontrol3.0

▶NVDsiemens/simatic_net_pc4 versions+3

Patches

Patch: cert-portal.siemens.com ↗Patch: files.opcfoundation.org ↗Patch: cert-portal.siemens.com ↗

🔴Vulnerability Details

GHSA

GHSA-5524-cf37-2p8f: In OPC Foundation Local Discovery Server (LDS) before 1↗2022-05-24

▶

CVEList

CVE-2021-40142: In OPC Foundation Local Discovery Server (LDS) before 1↗2021-08-27

▶