CVE-2021-40142

In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory Location After the End of a Buffer.

Published: Aug 27, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-40142
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
opcfoundation / local_discover_server	-	1.04.402.463
siemens / simatic_process_historian_opc_ua_server_firmware	-	2022
siemens / simatic_process_historian_opc_ua_server_firmware	2022	2022.x
siemens / simatic_net_pc	16	16.x
siemens / simatic_net_pc	15	15.x
siemens / simatic_net_pc	14	14.x
siemens / telecontrol_server_basic	3.0	3.0.x
siemens / simatic_net_pc	17	17.x

https://cert-portal.siemens.com/productcert/pdf/ssa-321292.pdf
https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2021-40142.pdf
https://opcfoundation.org/security-bulletins/

Vulnerability Database

289,599

CVE-2021-40142