Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-27432 (GCVE-0-2021-27432)
Vulnerability from cvelistv5 – Published: 2021-05-20 15:20 – Updated: 2024-08-03 20:48
VLAI?
EPSS
Summary
OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow.
Severity ?
No CVSS data available.
CWE
- CWE-674 - UNCONTROLLED RECURSION CWE-674
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | OPC Foundation OPC UA .NET Standard and OPC UA .NET Legacy |
Affected:
OPC UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:48:17.220Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-133-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OPC Foundation OPC UA .NET Standard and OPC UA .NET Legacy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "OPC UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "UNCONTROLLED RECURSION CWE-674",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-20T15:20:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-133-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-27432",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OPC Foundation OPC UA .NET Standard and OPC UA .NET Legacy",
"version": {
"version_data": [
{
"version_value": "OPC UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNCONTROLLED RECURSION CWE-674"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-133-03",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-133-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-27432",
"datePublished": "2021-05-20T15:20:01.000Z",
"dateReserved": "2021-02-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:48:17.220Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-27432",
"date": "2026-04-20",
"epss": "0.00222",
"percentile": "0.44828"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-27432\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2021-05-20T16:15:07.967\",\"lastModified\":\"2024-11-21T05:57:58.743\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow.\"},{\"lang\":\"es\",\"value\":\"OPC Foundation UA ??.NET Standard versiones anteriores a 1.4.365.48 y OPC UA .NET Legacy, son vulnerables a una recursividad no controlada, que puede permitir a un atacante desencadenar un desbordamiento de pila\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-674\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opcfoundation:ua-.net-legacy:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B04F956C-0D6B-453D-AA1B-4AB522B0C474\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opcfoundation:ua_.net_standard_stack:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.4.365.48\",\"matchCriteriaId\":\"2A02376A-04D5-48A2-9D3E-242FA6E3C00B\"}]}]}],\"references\":[{\"url\":\"https://us-cert.cisa.gov/ics/advisories/icsa-21-133-03\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://us-cert.cisa.gov/ics/advisories/icsa-21-133-03\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}"
}
}
ICSA-21-294-03
Vulnerability from csaf_cisa - Published: 2021-10-21 00:00 - Updated: 2021-10-21 00:00Summary
ICONICS GENESIS64 and Mitsubishi Electric MC Works64 OPC UA
Notes
CISA Disclaimer: This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation: Successful exploitation of this vulnerability could trigger a stack overflow.
Critical infrastructure sectors: Multiple Sectors
Countries/areas deployed: Worldwide
Company headquarters location: ICONICS is headquartered in the United States. Mitsubishi Electric is headquartered in Japan.
Recommended Practices: CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
Exploitability: No known public exploits specifically target this vulnerability.
7.5 (High)
Mitigation
ICONICS and Mitsubishi Electric are releasing Critical Fix Rollup packages or patches that will include the solution to this vulnerability. GENESIS64 Versions 10.97.1 and later will not be vulnerable to this exploit.
Mitigation
Place control system networks and devices behind firewalls to isolate them from the business network.
Mitigation
Minimize network exposure for all control system devices. Control system devices should not directly face the Internet.
Mitigation
Do not click web links or open unsolicited attachments in e-mail messages.
Mitigation
Leverage OPC UA security and certificates to ensure ICONICS products only connect to trusted OPC UA servers and clients.
Mitigation
Install the applicable Critical Fixes Rollup, if available.
Mitigation
ICONICS provides information and useful links related to its security updates at its company website.
http://www.iconics.com/certs
Mitigation
Mitsubishi Electric provides information and useful links related to its security updates its company website.
https://www.mitsubishielectric.com/en/psirt/vulne…
References
Acknowledgments
the Otorio Research Team
Eran Jacob
{
"document": {
"acknowledgments": [
{
"names": [
"Eran Jacob"
],
"organization": "the Otorio Research Team",
"summary": "reporting this vulnerability to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of this vulnerability could trigger a stack overflow.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Multiple Sectors",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "ICONICS is headquartered in the United States. Mitsubishi Electric is headquartered in Japan.",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target this vulnerability.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-21-294-03 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-294-03.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-294-03 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-294-03"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "ICONICS GENESIS64 and Mitsubishi Electric MC Works64 OPC UA",
"tracking": {
"current_release_date": "2021-10-21T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-21-294-03",
"initial_release_date": "2021-10-21T00:00:00.000000Z",
"revision_history": [
{
"date": "2021-10-21T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-21-294-03 ICONICS GENESIS64 and Mitsubishi Electric MC Works64 OPC UA "
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 10.97",
"product": {
"name": "MobileHMI: Versions 10.97 and prior",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "MobileHMI"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 10.97",
"product": {
"name": "AnalytiX: Versions 10.97 and prior",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "AnalytiX"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 10.97",
"product": {
"name": "GENESIS64: Versions 10.97 and prior",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "GENESIS64"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 4.04E",
"product": {
"name": "MC Works64: Versions 4.04E and prior",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "MC Works64"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 10.97",
"product": {
"name": "Hyper Historian: Versions 10.97 and prior",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "Hyper Historian"
}
],
"category": "vendor",
"name": "ICONICS, Mitsubishi Electric"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-27432",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "summary",
"text": "The affected products are vulnerable to an uncontrollable recursion, which may trigger a stack-based buffer overflow.CVE-2021-27432 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27432"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "ICONICS and Mitsubishi Electric are releasing Critical Fix Rollup packages or patches that will include the solution to this vulnerability. GENESIS64 Versions 10.97.1 and later will not be vulnerable to this exploit.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Place control system networks and devices behind firewalls to isolate them from the business network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Minimize network exposure for all control system devices. Control system devices should not directly face the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Do not click web links or open unsolicited attachments in e-mail messages.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Leverage OPC UA security and certificates to ensure ICONICS products only connect to trusted OPC UA servers and clients.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Install the applicable Critical Fixes Rollup, if available.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "ICONICS provides information and useful links related to its security updates at its company website.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
],
"url": "http://www.iconics.com/certs"
},
{
"category": "mitigation",
"details": "Mitsubishi Electric provides information and useful links related to its security updates its company website.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-016_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
]
}
]
}
ICSA-21-133-03
Vulnerability from csaf_cisa - Published: 2021-05-13 00:00 - Updated: 2021-05-13 00:00Summary
OPC Foundation UA Products Built with .NET Framework
Notes
CISA Disclaimer: This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation: Successful exploitation of this vulnerability could trigger a stack overflow.
Critical infrastructure sectors: Multiple
Countries/areas deployed: Worldwide
Company headquarters location: United States
Recommended Practices: CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
Exploitability: No known public exploits specifically target this vulnerability.
7.5 (High)
Vendor Fix
OPC Foundation recommends users install the OPC UA .NET Standard stack update.
https://github.com/OPCFoundation/UA-.NETStandard/…
References
| URL | Category | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Acknowledgments
the Otorio Research Team
Eran Jacob
{
"document": {
"acknowledgments": [
{
"names": [
"Eran Jacob"
],
"organization": "the Otorio Research Team",
"summary": "reporting this vulnerability to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of this vulnerability could trigger a stack overflow.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "United States",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target this vulnerability.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-21-133-03 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-133-03.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-133-03 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-133-03"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "OPC Foundation UA Products Built with .NET Framework",
"tracking": {
"current_release_date": "2021-05-13T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-21-133-03",
"initial_release_date": "2021-05-13T00:00:00.000000Z",
"revision_history": [
{
"date": "2021-05-13T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-21-133-03 OPC Foundation UA Products Built with NET Framework"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 1.4.365.48",
"product": {
"name": "OPC UA .NET Standard: versions prior to 1.4.365.48",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "OPC UA .NET Standard"
}
],
"category": "vendor",
"name": "OPC Foundation"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-27432",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "summary",
"text": "The affected products are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow.CVE-2021-27432 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27432"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "OPC Foundation recommends users install the OPC UA .NET Standard stack update.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://github.com/OPCFoundation/UA-.NETStandard/releases/tag/1.4.365.48"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
}
]
}
GHSA-5RM8-9376-7GG5
Vulnerability from github – Published: 2022-05-24 19:02 – Updated: 2022-05-24 19:02
VLAI?
Details
OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow.
{
"affected": [],
"aliases": [
"CVE-2021-27432"
],
"database_specific": {
"cwe_ids": [
"CWE-674"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-20T16:15:00Z",
"severity": "HIGH"
},
"details": "OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow.",
"id": "GHSA-5rm8-9376-7gg5",
"modified": "2022-05-24T19:02:50Z",
"published": "2022-05-24T19:02:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27432"
},
{
"type": "WEB",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-133-03"
}
],
"schema_version": "1.4.0",
"severity": []
}
VDE-2021-008
Vulnerability from csaf_beckhoffautomationgmbhcokg - Published: 2024-10-21 08:00 - Updated: 2025-05-22 13:03Summary
Beckhoff: Stack Overflow and XXE vulnerability in various OPC UA products
Notes
Summary: The affected products can act as OPC UA client or server and are vulnerable to two different kind of attacks via
the OPC UA protocol. For both cases the attacker can send packets via the OPC UA protocol without the need to
authenticate and
1. provoke a stack overflow resulting in denial of service of the product or
2. make the product disclose information to the attacker without authorization.
Impact: For both kinds of attacks the attacker needs to use a specifically crafted OPC UA client when attacking an OPC UA server respectively needs to use a specifically crafted OPC UA server when attacking an OPC UA client. For attacking a server the attacker needs to be able to establish a TCP connection to that server. For attacking a client the attacker needs to be able to make the client connect to the attacker's server. For all cases it is sufficient if after the establishment of the TCP connection the attacker lets the specifically crafted application (client or server) respond with a sequence of specifically crafted network packets. No authentication is required by the attacker.
For the first kind of attack the specifically crafted network packets cause a stack overflow as consequence of an uncontrolled recursion when the attacked application (client or server) processes them. With the components of the product described above, this attack results in a denial of service because the components become unavailable and need to be restarted manually after the attack.
For the second kind of attack the specifically crafted network packets cause the attacked application to resolve XML entities which allows the inclusion of contents from files on disk as far as they are accessible to the attacked application. Further processing of XML entities allow the resulting XML content to be posted to an HTTP server of the attackers choice. This allows the disclosure of file content from the computer the attacked application is running on even though the attacker is not required to authenticate nor to have access to these files.
The second attack is possible only if an outdated version of a .NET Framework from Microsoft is used. For more information like vulnerable and fixed versions of the .NET Framework, please see CVE-2015-6096 external link.
Since TCP connections are routable the attacker may perform all these kinds of exploits from remote if there is no firewall set up which limits the access for example to the TCP ports which the OPC UA application is using. The attacker does not need to have a local account at the device or OPC UA server nor is any authentication required for the attack.
Mitigation: Consider limiting access to the network communication ports of affected server products. Also consider limiting where the affected client products are allowed to connect to. For example, this can be achived with Windows' built-in firewall by incoming rules for servers and outgoing rules for clients. Consider to minimize the ability of an attacker to hijack communication establishment from a client to a server. For example this can be achieved with the help of zones and conduits: Try to keep servers and clients within the same network zone and prevent intrusion into that zone. Try to enclose communication establishment within conduits like VPN channels (where one conduit can serve for many OPC UA connections) and prevent attackers from intruding into such channels. Consider updating the .NET Framework.
Remediation: Update to a recent version of the affected product and update the .NET Framework.
OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow.
7.5 (High)
Mitigation
Consider limiting access to the network communication ports of affected server products. Also consider limiting where the affected client products are allowed to connect to. For example, this can be achived with Windows' built-in firewall by incoming rules for servers and outgoing rules for clients. Consider to minimize the ability of an attacker to hijack communication establishment from a client to a server. For example this can be achieved with the help of zones and conduits: Try to keep servers and clients within the same network zone and prevent intrusion into that zone. Try to enclose communication establishment within conduits like VPN channels (where one conduit can serve for many OPC UA connections) and prevent attackers from intruding into such channels. Consider updating the .NET Framework.
Vendor Fix
Update to a recent version of the affected product and update the .NET Framework.
The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise. users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters that can lead to full compromise of the device.
7.5 (High)
Mitigation
Consider limiting access to the network communication ports of affected server products. Also consider limiting where the affected client products are allowed to connect to. For example, this can be achived with Windows' built-in firewall by incoming rules for servers and outgoing rules for clients. Consider to minimize the ability of an attacker to hijack communication establishment from a client to a server. For example this can be achieved with the help of zones and conduits: Try to keep servers and clients within the same network zone and prevent intrusion into that zone. Try to enclose communication establishment within conduits like VPN channels (where one conduit can serve for many OPC UA connections) and prevent attackers from intruding into such channels. Consider updating the .NET Framework.
Vendor Fix
Update to a recent version of the affected product and update the .NET Framework.
References
Acknowledgments
CERT@VDE
certvde.com
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "The affected products can act as OPC UA client or server and are vulnerable to two different kind of attacks via\nthe OPC UA protocol. For both cases the attacker can send packets via the OPC UA protocol without the need to\nauthenticate and\n\n1. provoke a stack overflow resulting in denial of service of the product or\n2. make the product disclose information to the attacker without authorization.",
"title": "Summary"
},
{
"category": "description",
"text": "For both kinds of attacks the attacker needs to use a specifically crafted OPC UA client when attacking an OPC UA server respectively needs to use a specifically crafted OPC UA server when attacking an OPC UA client. For attacking a server the attacker needs to be able to establish a TCP connection to that server. For attacking a client the attacker needs to be able to make the client connect to the attacker\u0027s server. For all cases it is sufficient if after the establishment of the TCP connection the attacker lets the specifically crafted application (client or server) respond with a sequence of specifically crafted network packets. No authentication is required by the attacker.\n\nFor the first kind of attack the specifically crafted network packets cause a stack overflow as consequence of an uncontrolled recursion when the attacked application (client or server) processes them. With the components of the product described above, this attack results in a denial of service because the components become unavailable and need to be restarted manually after the attack.\n\nFor the second kind of attack the specifically crafted network packets cause the attacked application to resolve XML entities which allows the inclusion of contents from files on disk as far as they are accessible to the attacked application. Further processing of XML entities allow the resulting XML content to be posted to an HTTP server of the attackers choice. This allows the disclosure of file content from the computer the attacked application is running on even though the attacker is not required to authenticate nor to have access to these files.\n\nThe second attack is possible only if an outdated version of a .NET Framework from Microsoft is used. For more information like vulnerable and fixed versions of the .NET Framework, please see CVE-2015-6096 external link.\n\nSince TCP connections are routable the attacker may perform all these kinds of exploits from remote if there is no firewall set up which limits the access for example to the TCP ports which the OPC UA application is using. The attacker does not need to have a local account at the device or OPC UA server nor is any authentication required for the attack.",
"title": "Impact"
},
{
"category": "description",
"text": "Consider limiting access to the network communication ports of affected server products. Also consider limiting where the affected client products are allowed to connect to. For example, this can be achived with Windows\u0027 built-in firewall by incoming rules for servers and outgoing rules for clients. Consider to minimize the ability of an attacker to hijack communication establishment from a client to a server. For example this can be achieved with the help of zones and conduits: Try to keep servers and clients within the same network zone and prevent intrusion into that zone. Try to enclose communication establishment within conduits like VPN channels (where one conduit can serve for many OPC UA connections) and prevent attackers from intruding into such channels. Consider updating the .NET Framework.",
"title": "Mitigation"
},
{
"category": "description",
"text": "Update to a recent version of the affected product and update the .NET Framework.",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "product-securityincident@beckhoff.com",
"name": "Beckhoff Automation GmbH \u0026 Co. KG",
"namespace": "https://www.beckhoff.com"
},
"references": [
{
"category": "external",
"summary": "CERT@VDE Security Advisories for Beckhoff",
"url": "https://certvde.com/de/advisories/vendor/beckhoff/"
},
{
"category": "self",
"summary": "VDE-2021-008: Beckhoff: Stack Overflow and XXE vulnerability in various OPC UA products - HTML",
"url": "https://certvde.com/de/advisories/vde-2021-008/"
},
{
"category": "self",
"summary": "VDE-2021-008: Beckhoff: Stack Overflow and XXE vulnerability in various OPC UA products - CSAF",
"url": "https://beckhoff.csaf-tp.certvde.com/.well-known/csaf/white/2024/vde-2021-008.json"
}
],
"title": "Beckhoff: Stack Overflow and XXE vulnerability in various OPC UA products",
"tracking": {
"aliases": [
"VDE-2021-008"
],
"current_release_date": "2025-05-22T13:03:10.000Z",
"generator": {
"date": "2025-04-11T07:25:35.560Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.23"
}
},
"id": "VDE-2021-008",
"initial_release_date": "2024-10-21T08:00:00.000Z",
"revision_history": [
{
"date": "2021-05-19T09:04:00.000Z",
"number": "1",
"summary": "Initial revision."
},
{
"date": "2025-01-16T11:40:00.000Z",
"number": "2",
"summary": "Fix: list of branches, references "
},
{
"date": "2025-04-11T07:00:00.000Z",
"number": "3",
"summary": "Fix: version range"
},
{
"date": "2025-05-22T13:03:10.000Z",
"number": "4",
"summary": "Fix: quotation mark"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.3.46.0",
"product": {
"name": "TwinCAT OPC UA Client System Manager Extension included in TF6100 \u003c4.3.46.0",
"product_id": "CSAFPID-51001"
}
},
{
"category": "product_version",
"name": "4.3.46.0",
"product": {
"name": "TwinCAT OPC UA Client System Manager Extension included in TF6100 4.3.46.0",
"product_id": "CSAFPID-52001"
}
}
],
"category": "product_name",
"name": "TwinCAT OPC UA Client System Manager Extension included in TF6100"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.3.46.0",
"product": {
"name": "TwinCAT OPC UA Configurator (Standalone) included in TF6100 \u003c4.3.46.0",
"product_id": "CSAFPID-51002"
}
},
{
"category": "product_version",
"name": "4.3.46.0",
"product": {
"name": "TwinCAT OPC UA Configurator (Standalone) included in TF6100 4.3.46.0",
"product_id": "CSAFPID-52002"
}
}
],
"category": "product_name",
"name": "TwinCAT OPC UA Configurator (Standalone) included in TF6100"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.3.46.0",
"product": {
"name": "TwinCAT OPC UA Configurator (Standalone) included in TS6100 \u003c4.3.46.0",
"product_id": "CSAFPID-51003"
}
},
{
"category": "product_version",
"name": "4.3.46.0",
"product": {
"name": "TwinCAT OPC UA Configurator (Standalone) included in TS6100 4.3.46.0",
"product_id": "CSAFPID-52003"
}
}
],
"category": "product_name",
"name": "TwinCAT OPC UA Configurator (Standalone) included in TS6100"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.3.46.0",
"product": {
"name": "TwinCAT OPC UA Configurator (Visual Studio) included in TF6100 \u003c4.3.46.0",
"product_id": "CSAFPID-51004"
}
},
{
"category": "product_version",
"name": "4.3.46.0",
"product": {
"name": "TwinCAT OPC UA Configurator (Visual Studio) included in TF6100 4.3.46.0",
"product_id": "CSAFPID-52004"
}
}
],
"category": "product_name",
"name": "TwinCAT OPC UA Configurator (Visual Studio) included in TF6100"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.3.46.0",
"product": {
"name": "TwinCAT OPC UA Sample Client included in TF6100 \u003c4.3.46.0",
"product_id": "CSAFPID-51005"
}
},
{
"category": "product_version",
"name": "4.3.46.0",
"product": {
"name": "TwinCAT OPC UA Sample Client included in TF6100 4.3.46.0",
"product_id": "CSAFPID-52005"
}
}
],
"category": "product_name",
"name": "TwinCAT OPC UA Sample Client included in TF6100"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.3.46.0",
"product": {
"name": "TwinCAT OPC UA Sample Client included in TS6100 \u003c4.3.46.0",
"product_id": "CSAFPID-51006"
}
},
{
"category": "product_version",
"name": "4.3.46.0",
"product": {
"name": "TwinCAT OPC UA Sample Client included in TS6100 4.3.46.0",
"product_id": "CSAFPID-52006"
}
}
],
"category": "product_name",
"name": "TwinCAT OPC UA Sample Client included in TS6100"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c3.4.3144.11",
"product": {
"name": "TwinCAT Scope Server in TF3300 \u003c3.4.3144.11",
"product_id": "CSAFPID-51007"
}
},
{
"category": "product_version",
"name": " 3.4.3144.11",
"product": {
"name": "TwinCAT Scope Server in TF3300 3.4.3144.11",
"product_id": "CSAFPID-52007"
}
}
],
"category": "product_name",
"name": "TwinCAT Scope Server in TF3300"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c3.4.3144.11",
"product": {
"name": "TwinCAT Target Browser OPC UA Extension included in TF3300 \u003c3.4.3144.11",
"product_id": "CSAFPID-51008"
}
},
{
"category": "product_version",
"name": " 3.4.3144.11",
"product": {
"name": "TwinCAT Target Browser OPC UA Extension included in TF3300 3.4.3144.11",
"product_id": "CSAFPID-52008"
}
}
],
"category": "product_name",
"name": "TwinCAT Target Browser OPC UA Extension included in TF3300"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.3.46.0",
"product": {
"name": "TwinCAT Target Browser OPC UA Extension included in TF6100 \u003c4.3.46.0",
"product_id": "CSAFPID-51009"
}
},
{
"category": "product_version",
"name": "4.3.46.0",
"product": {
"name": "TwinCAT Target Browser OPC UA Extension included in TF6100 4.3.46.0",
"product_id": "CSAFPID-52009"
}
}
],
"category": "product_name",
"name": "TwinCAT Target Browser OPC UA Extension included in TF6100"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.1.68.0",
"product": {
"name": "TwinCAT Target Browser OPC UA Extension included in TF6720 \u003c1.1.68.0",
"product_id": "CSAFPID-510010"
}
},
{
"category": "product_version",
"name": "1.1.68.0",
"product": {
"name": "TwinCAT Target Browser OPC UA Extension included in TF6720 1.1.68.0",
"product_id": "CSAFPID-52010"
}
}
],
"category": "product_name",
"name": "TwinCAT Target Browser OPC UA Extension included in TF6720"
}
],
"category": "product_family",
"name": "Software"
}
],
"category": "vendor",
"name": "Beckhoff"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004",
"CSAFPID-51005",
"CSAFPID-51006",
"CSAFPID-51007",
"CSAFPID-51008",
"CSAFPID-51009",
"CSAFPID-510010"
],
"summary": "Affected products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-52001",
"CSAFPID-52002",
"CSAFPID-52003",
"CSAFPID-52004",
"CSAFPID-52005",
"CSAFPID-52006",
"CSAFPID-52007",
"CSAFPID-52008",
"CSAFPID-52009",
"CSAFPID-52010"
],
"summary": "Fixed Products."
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-27432",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001",
"CSAFPID-52002",
"CSAFPID-52003",
"CSAFPID-52004",
"CSAFPID-52005",
"CSAFPID-52006",
"CSAFPID-52007",
"CSAFPID-52008",
"CSAFPID-52009",
"CSAFPID-52010"
],
"known_affected": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004",
"CSAFPID-51005",
"CSAFPID-51006",
"CSAFPID-51007",
"CSAFPID-51008",
"CSAFPID-51009",
"CSAFPID-510010"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Consider limiting access to the network communication ports of affected server products. Also consider limiting where the affected client products are allowed to connect to. For example, this can be achived with Windows\u0027 built-in firewall by incoming rules for servers and outgoing rules for clients. Consider to minimize the ability of an attacker to hijack communication establishment from a client to a server. For example this can be achieved with the help of zones and conduits: Try to keep servers and clients within the same network zone and prevent intrusion into that zone. Try to enclose communication establishment within conduits like VPN channels (where one conduit can serve for many OPC UA connections) and prevent attackers from intruding into such channels. Consider updating the .NET Framework.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to a recent version of the affected product and update the .NET Framework.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004",
"CSAFPID-51005",
"CSAFPID-51006",
"CSAFPID-51007",
"CSAFPID-51008",
"CSAFPID-51009",
"CSAFPID-510010"
]
}
],
"title": "CVE-2021-27432"
},
{
"cve": "CVE-2021-27434",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could\nlead to unauthenticated remote code execution and full system compromise.\nusers should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device\nparameters that can lead to full compromise of the device.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001",
"CSAFPID-52002",
"CSAFPID-52003",
"CSAFPID-52004",
"CSAFPID-52005",
"CSAFPID-52006",
"CSAFPID-52007",
"CSAFPID-52008",
"CSAFPID-52009",
"CSAFPID-52010"
],
"known_affected": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004",
"CSAFPID-51005",
"CSAFPID-51006",
"CSAFPID-51007",
"CSAFPID-51008",
"CSAFPID-51009",
"CSAFPID-510010"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Consider limiting access to the network communication ports of affected server products. Also consider limiting where the affected client products are allowed to connect to. For example, this can be achived with Windows\u0027 built-in firewall by incoming rules for servers and outgoing rules for clients. Consider to minimize the ability of an attacker to hijack communication establishment from a client to a server. For example this can be achieved with the help of zones and conduits: Try to keep servers and clients within the same network zone and prevent intrusion into that zone. Try to enclose communication establishment within conduits like VPN channels (where one conduit can serve for many OPC UA connections) and prevent attackers from intruding into such channels. Consider updating the .NET Framework.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to a recent version of the affected product and update the .NET Framework.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004",
"CSAFPID-51005",
"CSAFPID-51006",
"CSAFPID-51007",
"CSAFPID-51008",
"CSAFPID-51009",
"CSAFPID-510010"
]
}
],
"title": "CVE-2021-27434"
}
]
}
CNVD-2021-39138
Vulnerability from cnvd - Published: 2021-06-03
VLAI Severity ?
Title
Siemens SIMATIC OPC UA 存在未明漏洞
Description
Siemens SIMATIC CP443-1 OPC UA9是德国西门子(Siemens)公司的一款通信处理器。
OPC UA 存在安全漏洞。该漏洞源于程序容易受到不受控制的递归,攻击者可利用该漏洞触发堆栈溢出。
Severity
中
Patch Name
Siemens SIMATIC OPC UA 存在未明漏洞的补丁
Patch Description
Siemens SIMATIC CP443-1 OPC UA9是德国西门子(Siemens)公司的一款通信处理器。
OPC UA 存在安全漏洞。该漏洞源于程序容易受到不受控制的递归,攻击者可利用该漏洞触发堆栈溢出。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://github.com/OPCFoundation/UA-.NETStandard/releases/tag/1.4.365.48
Reference
https://nvd.nist.gov/vuln/detail/CVE-2021-27432
Impacted products
| Name | ['Siemens OPC Foundation UA .NET Standard <1.4.365.48', 'Siemens OPC UA .NET Legacy'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2021-27432"
}
},
"description": "Siemens SIMATIC CP443-1 OPC UA9\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u901a\u4fe1\u5904\u7406\u5668\u3002\n\nOPC UA \u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u5bb9\u6613\u53d7\u5230\u4e0d\u53d7\u63a7\u5236\u7684\u9012\u5f52\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u89e6\u53d1\u5806\u6808\u6ea2\u51fa\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/OPCFoundation/UA-.NETStandard/releases/tag/1.4.365.48",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2021-39138",
"openTime": "2021-06-03",
"patchDescription": "Siemens SIMATIC CP443-1 OPC UA9\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u901a\u4fe1\u5904\u7406\u5668\u3002\r\n\r\nOPC UA \u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u5bb9\u6613\u53d7\u5230\u4e0d\u53d7\u63a7\u5236\u7684\u9012\u5f52\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u89e6\u53d1\u5806\u6808\u6ea2\u51fa\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Siemens SIMATIC OPC UA \u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Siemens OPC Foundation UA .NET Standard \u003c1.4.365.48",
"Siemens OPC UA .NET Legacy"
]
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-27432",
"serverity": "\u4e2d",
"submitTime": "2021-05-14",
"title": "Siemens SIMATIC OPC UA \u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}
GSD-2021-27432
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-27432",
"description": "OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow.",
"id": "GSD-2021-27432"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-27432"
],
"details": "OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow.",
"id": "GSD-2021-27432",
"modified": "2023-12-13T01:23:35.543558Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-27432",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OPC Foundation OPC UA .NET Standard and OPC UA .NET Legacy",
"version": {
"version_data": [
{
"version_value": "OPC UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNCONTROLLED RECURSION CWE-674"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-133-03",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-133-03"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "(,1.4.365.48)",
"affected_versions": "All versions before 1.4.365.48",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-674",
"CWE-937"
],
"date": "2021-06-01",
"description": "OPC Foundation UA .NET Standard and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow.",
"fixed_versions": [
"1.4.365.48"
],
"identifier": "CVE-2021-27432",
"identifiers": [
"CVE-2021-27432"
],
"not_impacted": "All versions starting from 1.4.365.48",
"package_slug": "nuget/OPCFoundation.NetStandard.Opc.Ua",
"pubdate": "2021-05-20",
"solution": "Upgrade to version 1.4.365.48 or above.",
"title": "Uncontrolled Recursion",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-27432",
"https://us-cert.cisa.gov/ics/advisories/icsa-21-133-03"
],
"uuid": "45358f97-5228-4ed4-9f8e-9c433f9e8a9c"
},
{
"affected_range": "(,)",
"affected_versions": "All versions",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-674",
"CWE-937"
],
"date": "2021-06-01",
"description": "OPC Foundation UA .NET Standard and OPC UA .NET Legacy is vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow.",
"fixed_versions": [],
"identifier": "CVE-2021-27432",
"identifiers": [
"CVE-2021-27432"
],
"not_impacted": "",
"package_slug": "nuget/OPCUASDKNET46",
"pubdate": "2021-05-20",
"solution": "Unfortunately, there is no solution available yet.",
"title": "Uncontrolled Recursion",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-27432",
"https://us-cert.cisa.gov/ics/advisories/icsa-21-133-03"
],
"uuid": "867de3e4-ba75-4f82-9df6-ac188b8a756c"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:opcfoundation:ua-.net-legacy:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:opcfoundation:ua_.net_standard_stack:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.4.365.48",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-27432"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-674"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-133-03",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-133-03"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2021-06-01T16:39Z",
"publishedDate": "2021-05-20T16:15Z"
}
}
}
FKIE_CVE-2021-27432
Vulnerability from fkie_nvd - Published: 2021-05-20 16:15 - Updated: 2024-11-21 05:57
Severity ?
Summary
OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-21-133-03 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-21-133-03 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| opcfoundation | ua-.net-legacy | - | |
| opcfoundation | ua_.net_standard_stack | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opcfoundation:ua-.net-legacy:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B04F956C-0D6B-453D-AA1B-4AB522B0C474",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opcfoundation:ua_.net_standard_stack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A02376A-04D5-48A2-9D3E-242FA6E3C00B",
"versionEndExcluding": "1.4.365.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow."
},
{
"lang": "es",
"value": "OPC Foundation UA ??.NET Standard versiones anteriores a 1.4.365.48 y OPC UA .NET Legacy, son vulnerables a una recursividad no controlada, que puede permitir a un atacante desencadenar un desbordamiento de pila"
}
],
"id": "CVE-2021-27432",
"lastModified": "2024-11-21T05:57:58.743",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-20T16:15:07.967",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-133-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-133-03"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-674"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
}
]
}
Loading…
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…