An issue was discovered in Softing Industrial Automation uaToolkit Embedded before 1.40. Remote attackers to cause a denial of service (DoS) or login as an anonymous user (bypassing security checks) by sending crafted messages to a OPC/UA server. The server process may crash unexpectedly because of an invalid type cast, and must be restarted.
References
Link | Resource |
---|---|
https://industrial.softing.com/ | Vendor Advisory |
https://industrial.softing.com/fileadmin/sof-files/pdf/ia/support/Security_Bulletin_CVE-2021-40872.pdf | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2021-11-10 15:15
Updated : 2021-11-16 07:01
NVD link : CVE-2021-40872
Mitre link : CVE-2021-40872
JSON object : View
CWE
CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
Products Affected
softing
- uatoolkit_embedded
- smartlink_hw-dp