CVE-2021-40142

moderate-risk
Published 2021-08-27

In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory Location After the End of a Buffer.

Do I need to act?

-
0.50% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (11)

Local Discover Server
Simatic Process Historian Opc Ua Server Firmware
Simatic Process Historian Opc Ua Server Firmware
Simatic Net Pc
Simatic Net Pc
Simatic Net Pc
Simatic Net Pc
Simatic Wincc Runtime
Simatic Wincc Unified Scada Runtime

Affected Vendors

Siemens Opcfoundation

References (6)

Patch https://cert-portal.siemens.com/productcert/pdf/ssa-321292.pdf
Patch https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20...
Vendor Advisory https://opcfoundation.org/security-bulletins/
Patch https://cert-portal.siemens.com/productcert/pdf/ssa-321292.pdf
Patch https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20...
Vendor Advisory https://opcfoundation.org/security-bulletins/
44
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 2/34 · Minimal
Exposure 16/34 · Moderate