Vulnerability Details CVE-2021-45117
The OPC autogenerated ANSI C stack stubs (in the NodeSets) do not handle all error cases. This can lead to a NULL pointer dereference.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 34.5%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-285795.pdf
- https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2021-45117.pdf
- https://www.youtube.com/watch?v=qv-RBdCaV4k
- https://cert-portal.siemens.com/productcert/pdf/ssa-285795.pdf
- https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2021-45117.pdf
- https://www.youtube.com/watch?v=qv-RBdCaV4k
Products affected by CVE-2021-45117
-
cpe:2.3:a:opcfoundation:ua-nodeset:*
-
cpe:2.3:a:siemens:simatic_net_pc:14
-
cpe:2.3:a:siemens:simatic_net_pc:15
-
cpe:2.3:a:siemens:simatic_net_pc:16
-
cpe:2.3:a:siemens:simatic_net_pc:17
-
cpe:2.3:a:siemens:sitop_manager:-
-
cpe:2.3:a:siemens:telecontrol_server_basic:3.0