Vulnerabilities > CVE-2021-40872 - Type Confusion vulnerability in Softing Smartlink Hw-Dp and Uatoolkit Embedded

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

softing

CWE-843

NVD

Published: 2021-11-10

Updated: 2021-11-16

Summary

An issue was discovered in Softing Industrial Automation uaToolkit Embedded before 1.40. Remote attackers to cause a denial of service (DoS) or login as an anonymous user (bypassing security checks) by sending crafted messages to a OPC/UA server. The server process may crash unexpectedly because of an invalid type cast, and must be restarted.

Vulnerable Configurations

Part	Description	Count
Application	Softing Softing Smartlink HW DP - Softing Smartlink HW DP 1.10 Softing Uatoolkit Embedded - Softing Uatoolkit Embedded 1.31	4

Common Weakness Enumeration (CWE)

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References