CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-40872

An issue was discovered in Softing Industrial Automation uaToolkit Embedded before 1.40. Remote attackers to cause a denial of service (DoS) or login as an anonymous user (bypassing security checks) by sending crafted messages to a OPC/UA server. The server process may crash unexpectedly because of an invalid type cast, and must be restarted.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.007

EPSS Ranking 70.3%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

https://industrial.softing.com/
https://industrial.softing.com/fileadmin/sof-files/pdf/ia/support/Security_Bulletin_CVE-2021-40872.pdf
https://industrial.softing.com/
https://industrial.softing.com/fileadmin/sof-files/pdf/ia/support/Security_Bulletin_CVE-2021-40872.pdf

Products affected by CVE-2021-40872

Softing » Smartlink Hw-Dp » Version: N/A

cpe:2.3:a:softing:smartlink_hw-dp:-
Softing » Smartlink Hw-Dp » Version: 1.10

cpe:2.3:a:softing:smartlink_hw-dp:1.10
Softing » Uatoolkit Embedded » Version: N/A

cpe:2.3:a:softing:uatoolkit_embedded:-
Softing » Uatoolkit Embedded » Version: 1.31

cpe:2.3:a:softing:uatoolkit_embedded:1.31

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-40872

Products

Pricing

Contact Us