Vulnerabilities > CVE-2021-40872 - Type Confusion vulnerability in Softing Smartlink Hw-Dp and Uatoolkit Embedded

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

softing

CWE-843

NVD

Published: 2021-11-10

Updated: 2021-11-16

Summary

An issue was discovered in Softing Industrial Automation uaToolkit Embedded before 1.40. Remote attackers to cause a denial of service (DoS) or login as an anonymous user (bypassing security checks) by sending crafted messages to a OPC/UA server. The server process may crash unexpectedly because of an invalid type cast, and must be restarted.

Vulnerable Configurations

Part	Description	Count
Application	Softing Softing Smartlink HW DP - Softing Smartlink HW DP 1.10 Softing Uatoolkit Embedded - Softing Uatoolkit Embedded 1.31	4

Common Weakness Enumeration (CWE)

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

References

https://industrial.softing.com/
https://industrial.softing.com/fileadmin/sof-files/pdf/ia/support/Security_Bulletin_CVE-2021-40872.pdf