Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-27434 (GCVE-0-2021-27434)
Vulnerability from cvelistv5 – Published: 2021-05-20 13:42 – Updated: 2024-08-03 20:48
VLAI
EPSS
Summary
Products with Unified Automation .NET based OPC UA Client/Server SDK Bundle: Versions V3.0.7 and prior (.NET 4.5, 4.0, and 3.5 Framework versions only) are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow.
Severity
No CVSS data available.
CWE
- CWE-200 - EXPOSURE OF SENSITIVE INFORMATION TO AN UNAUTHORIZED ACTOR CWE-200
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-21-133-04 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | OPC UA Products Built with the .NET Framework 4.5, 4.0, and 3.5 |
Affected:
Unified Automation .NET based OPC UA Client/Server SDK Bundle: Versions V3.0.7 and prior (.NET 4.5, 4.0, and 3.5 Framework versions only)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:48:17.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-133-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OPC UA Products Built with the .NET Framework 4.5, 4.0, and 3.5",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Unified Automation .NET based OPC UA Client/Server SDK Bundle: Versions V3.0.7 and prior (.NET 4.5, 4.0, and 3.5 Framework versions only)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Products with Unified Automation .NET based OPC UA Client/Server SDK Bundle: Versions V3.0.7 and prior (.NET 4.5, 4.0, and 3.5 Framework versions only) are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "EXPOSURE OF SENSITIVE INFORMATION TO AN UNAUTHORIZED ACTOR CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-20T13:42:54.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-133-04"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-27434",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OPC UA Products Built with the .NET Framework 4.5, 4.0, and 3.5",
"version": {
"version_data": [
{
"version_value": "Unified Automation .NET based OPC UA Client/Server SDK Bundle: Versions V3.0.7 and prior (.NET 4.5, 4.0, and 3.5 Framework versions only)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Products with Unified Automation .NET based OPC UA Client/Server SDK Bundle: Versions V3.0.7 and prior (.NET 4.5, 4.0, and 3.5 Framework versions only) are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "EXPOSURE OF SENSITIVE INFORMATION TO AN UNAUTHORIZED ACTOR CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-133-04",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-133-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-27434",
"datePublished": "2021-05-20T13:42:54.000Z",
"dateReserved": "2021-02-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:48:17.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-27434",
"date": "2026-05-25",
"epss": "0.00216",
"percentile": "0.43941"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-27434\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2021-05-20T14:15:07.767\",\"lastModified\":\"2024-11-21T05:57:58.987\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Products with Unified Automation .NET based OPC UA Client/Server SDK Bundle: Versions V3.0.7 and prior (.NET 4.5, 4.0, and 3.5 Framework versions only) are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow.\"},{\"lang\":\"es\",\"value\":\"Productos con el programa Unified Automation .NET based OPC UA Client/Server SDK Bundle: Versiones V3.0.7 y anteriores (solo versiones de .NET 4.5, 4.0 y 3.5 Framework) son vulnerables a una recursividad no controlada, que puede permitir a un atacante desencadenar un desbordamiento de pila\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-674\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:unified-automation:.net_based_opc_ua_client\\\\/server_sdk:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.0.7\",\"matchCriteriaId\":\"72FFADD0-F648-492C-9A45-1456EEDAAD06\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E039CE1F-B988-4741-AE2E-5B36E2AF9688\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"792B417F-96A0-4E9D-9E79-5D7F982E2225\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61FAD9EE-FA7F-4B39-8A9B-AFFAEC8BF214\"}]}]}],\"references\":[{\"url\":\"https://us-cert.cisa.gov/ics/advisories/icsa-21-133-04\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://us-cert.cisa.gov/ics/advisories/icsa-21-133-04\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}"
}
}
CNVD-2021-39139
Vulnerability from cnvd - Published: 2021-06-03
VLAI
Title
Siemens SIMATIC OPC UA信息泄露漏洞
Description
Siemens SIMATIC CP443-1 OPC UA9是德国西门子(Siemens)公司的一款通信处理器。
OPC UA 存在信息泄露漏洞。攻击者可利用该漏洞获取敏感信息。
Severity
中
Patch Name
Siemens SIMATIC OPC UA信息泄露漏洞的补丁
Patch Description
Siemens SIMATIC CP443-1 OPC UA9是德国西门子(Siemens)公司的一款通信处理器。
OPC UA 存在信息泄露漏洞。攻击者可利用该漏洞获取敏感信息。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://cert-portal.siemens.com/productcert/pdf/ssa-752103.pdf
Reference
https://nvd.nist.gov/vuln/detail/CVE-2021-27434
Impacted products
| Name | Siemens Unified Automation .NET based OPC UA Client/Server SDK Bundle <=V3.0.7(仅限 .NET 4.5、4.0 和 3.5 Framework 版本) |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2021-27434"
}
},
"description": "Siemens SIMATIC CP443-1 OPC UA9\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u901a\u4fe1\u5904\u7406\u5668\u3002\n\nOPC UA \u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-752103.pdf",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2021-39139",
"openTime": "2021-06-03",
"patchDescription": "Siemens SIMATIC CP443-1 OPC UA9\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u901a\u4fe1\u5904\u7406\u5668\u3002\r\n\r\nOPC UA \u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Siemens SIMATIC OPC UA\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Siemens Unified Automation .NET based OPC UA Client/Server SDK Bundle \u003c=V3.0.7\uff08\u4ec5\u9650 .NET 4.5\u30014.0 \u548c 3.5 Framework \u7248\u672c\uff09"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-27434",
"serverity": "\u4e2d",
"submitTime": "2021-05-14",
"title": "Siemens SIMATIC OPC UA\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}
FKIE_CVE-2021-27434
Vulnerability from fkie_nvd - Published: 2021-05-20 14:15 - Updated: 2024-11-21 05:57
Severity
Summary
Products with Unified Automation .NET based OPC UA Client/Server SDK Bundle: Versions V3.0.7 and prior (.NET 4.5, 4.0, and 3.5 Framework versions only) are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-21-133-04 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-21-133-04 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| unified-automation | .net_based_opc_ua_client\/server_sdk | * | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.0 | |
| microsoft | .net_framework | 4.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:unified-automation:.net_based_opc_ua_client\\/server_sdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72FFADD0-F648-492C-9A45-1456EEDAAD06",
"versionEndIncluding": "3.0.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E039CE1F-B988-4741-AE2E-5B36E2AF9688",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "792B417F-96A0-4E9D-9E79-5D7F982E2225",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "61FAD9EE-FA7F-4B39-8A9B-AFFAEC8BF214",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Products with Unified Automation .NET based OPC UA Client/Server SDK Bundle: Versions V3.0.7 and prior (.NET 4.5, 4.0, and 3.5 Framework versions only) are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow."
},
{
"lang": "es",
"value": "Productos con el programa Unified Automation .NET based OPC UA Client/Server SDK Bundle: Versiones V3.0.7 y anteriores (solo versiones de .NET 4.5, 4.0 y 3.5 Framework) son vulnerables a una recursividad no controlada, que puede permitir a un atacante desencadenar un desbordamiento de pila"
}
],
"id": "CVE-2021-27434",
"lastModified": "2024-11-21T05:57:58.987",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-20T14:15:07.767",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-133-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-133-04"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-674"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-43G9-FMQ9-JJPM
Vulnerability from github – Published: 2022-05-24 19:02 – Updated: 2022-10-08 00:00
VLAI
Details
Products with Unified Automation .NET based OPC UA Client/Server SDK Bundle: Versions V3.0.7 and prior (.NET 4.5, 4.0, and 3.5 Framework versions only) are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow.
Severity
7.5 (High)
{
"affected": [],
"aliases": [
"CVE-2021-27434"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-674"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-20T14:15:00Z",
"severity": "HIGH"
},
"details": "Products with Unified Automation .NET based OPC UA Client/Server SDK Bundle: Versions V3.0.7 and prior (.NET 4.5, 4.0, and 3.5 Framework versions only) are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow.",
"id": "GHSA-43g9-fmq9-jjpm",
"modified": "2022-10-08T00:00:21Z",
"published": "2022-05-24T19:02:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27434"
},
{
"type": "WEB",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-133-04"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GSD-2021-27434
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
Products with Unified Automation .NET based OPC UA Client/Server SDK Bundle: Versions V3.0.7 and prior (.NET 4.5, 4.0, and 3.5 Framework versions only) are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-27434",
"description": "Products with Unified Automation .NET based OPC UA Client/Server SDK Bundle: Versions V3.0.7 and prior (.NET 4.5, 4.0, and 3.5 Framework versions only) are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow.",
"id": "GSD-2021-27434"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-27434"
],
"details": "Products with Unified Automation .NET based OPC UA Client/Server SDK Bundle: Versions V3.0.7 and prior (.NET 4.5, 4.0, and 3.5 Framework versions only) are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow.",
"id": "GSD-2021-27434",
"modified": "2023-12-13T01:23:35.914243Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-27434",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OPC UA Products Built with the .NET Framework 4.5, 4.0, and 3.5",
"version": {
"version_data": [
{
"version_value": "Unified Automation .NET based OPC UA Client/Server SDK Bundle: Versions V3.0.7 and prior (.NET 4.5, 4.0, and 3.5 Framework versions only)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Products with Unified Automation .NET based OPC UA Client/Server SDK Bundle: Versions V3.0.7 and prior (.NET 4.5, 4.0, and 3.5 Framework versions only) are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "EXPOSURE OF SENSITIVE INFORMATION TO AN UNAUTHORIZED ACTOR CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-133-04",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-133-04"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:unified-automation:.net_based_opc_ua_client\\/server_sdk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0.7",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-27434"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Products with Unified Automation .NET based OPC UA Client/Server SDK Bundle: Versions V3.0.7 and prior (.NET 4.5, 4.0, and 3.5 Framework versions only) are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-674"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-133-04",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-133-04"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2023-10-15T16:18Z",
"publishedDate": "2021-05-20T14:15Z"
}
}
}
ICSA-21-133-04
Vulnerability from csaf_cisa - Published: 2021-05-13 00:00 - Updated: 2021-05-13 00:00Summary
OPC UA Products Built with the .NET Framework 4.5, 4.0, and 3.5
Notes
CISA Disclaimer: This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation: Successful exploitation of this vulnerability could allow an unauthenticated attacker to read any file on the file system.
Critical infrastructure sectors: Multiple
Countries/areas deployed: Worldwide
Company headquarters location: United States
Recommended Practices: CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
Exploitability: No known public exploits specifically target this vulnerability.
7.2 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Unified Automation .NET based OPC UA Client/Server SDK Bundle: Versions V3.0.7 and prior (.NET 4.5 4.0 and 3.5 Framework versions only)
Unified Automation GmbH / Unified Automation .NET based OPC UA Client/Server SDK Bundle
|
<= 3.0.7 (.NET 4.5 4.0 and 3.5 Framework versions only) |
Mitigation
fix
|
References
7 references
Acknowledgments
the Otorio Research Team
Eran Jacob
{
"document": {
"acknowledgments": [
{
"names": [
"Eran Jacob"
],
"organization": "the Otorio Research Team",
"summary": "reporting this vulnerability to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of this vulnerability could allow an unauthenticated attacker to read any file on the file system.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "United States",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target this vulnerability.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-21-133-04 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-133-04.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-133-04 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-133-04"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "OPC UA Products Built with the .NET Framework 4.5, 4.0, and 3.5",
"tracking": {
"current_release_date": "2021-05-13T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-21-133-04",
"initial_release_date": "2021-05-13T00:00:00.000000Z",
"revision_history": [
{
"date": "2021-05-13T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-21-133-04 OPC UA Products Built with .NET Frameworks 4.5, 4.0, and 3.5"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 3.0.7 (.NET 4.5 4.0 and 3.5 Framework versions only)",
"product": {
"name": "Unified Automation .NET based OPC UA Client/Server SDK Bundle: Versions V3.0.7 and prior (.NET 4.5 4.0 and 3.5 Framework versions only)",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "Unified Automation .NET based OPC UA Client/Server SDK Bundle"
}
],
"category": "vendor",
"name": "Unified Automation GmbH"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-27434",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "The OPC UA .NET Framework can expose sensitive information to an actor who is not authorized to have access.CVE-2021-27434 has been assigned to this vulnerability. A CVSS v3 base score of 7.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27434"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Unified Automation has released software (login required) to address the .NET Framework vulnerabilities. OPC Foundation recommends users deploying OPC UA .NET products built against the .NET 4.5, 4.0, and 3.5 Frameworks should contact the product supplier to determine if an update is needed. Users should also consider upgrading to a version of the product using .NET 4.5.2 Framework or later. It is recommended users avoid using the end-of-life version of the .NET Framework due to the risk of unpatched vulnerabilities.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.unified-automation.com/downloads/opc-ua-development.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
}
]
}
VDE-2021-008
Vulnerability from csaf_beckhoffautomationgmbhcokg - Published: 2024-10-21 08:00 - Updated: 2025-05-22 13:03Summary
Beckhoff: Stack Overflow and XXE vulnerability in various OPC UA products
Notes
Summary: The affected products can act as OPC UA client or server and are vulnerable to two different kind of attacks via
the OPC UA protocol. For both cases the attacker can send packets via the OPC UA protocol without the need to
authenticate and
1. provoke a stack overflow resulting in denial of service of the product or
2. make the product disclose information to the attacker without authorization.
Impact: For both kinds of attacks the attacker needs to use a specifically crafted OPC UA client when attacking an OPC UA server respectively needs to use a specifically crafted OPC UA server when attacking an OPC UA client. For attacking a server the attacker needs to be able to establish a TCP connection to that server. For attacking a client the attacker needs to be able to make the client connect to the attacker's server. For all cases it is sufficient if after the establishment of the TCP connection the attacker lets the specifically crafted application (client or server) respond with a sequence of specifically crafted network packets. No authentication is required by the attacker.
For the first kind of attack the specifically crafted network packets cause a stack overflow as consequence of an uncontrolled recursion when the attacked application (client or server) processes them. With the components of the product described above, this attack results in a denial of service because the components become unavailable and need to be restarted manually after the attack.
For the second kind of attack the specifically crafted network packets cause the attacked application to resolve XML entities which allows the inclusion of contents from files on disk as far as they are accessible to the attacked application. Further processing of XML entities allow the resulting XML content to be posted to an HTTP server of the attackers choice. This allows the disclosure of file content from the computer the attacked application is running on even though the attacker is not required to authenticate nor to have access to these files.
The second attack is possible only if an outdated version of a .NET Framework from Microsoft is used. For more information like vulnerable and fixed versions of the .NET Framework, please see CVE-2015-6096 external link.
Since TCP connections are routable the attacker may perform all these kinds of exploits from remote if there is no firewall set up which limits the access for example to the TCP ports which the OPC UA application is using. The attacker does not need to have a local account at the device or OPC UA server nor is any authentication required for the attack.
Mitigation: Consider limiting access to the network communication ports of affected server products. Also consider limiting where the affected client products are allowed to connect to. For example, this can be achived with Windows' built-in firewall by incoming rules for servers and outgoing rules for clients. Consider to minimize the ability of an attacker to hijack communication establishment from a client to a server. For example this can be achieved with the help of zones and conduits: Try to keep servers and clients within the same network zone and prevent intrusion into that zone. Try to enclose communication establishment within conduits like VPN channels (where one conduit can serve for many OPC UA connections) and prevent attackers from intruding into such channels. Consider updating the .NET Framework.
Remediation: Update to a recent version of the affected product and update the .NET Framework.
OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow.
7.5 (High)
Mitigation
Consider limiting access to the network communication ports of affected server products. Also consider limiting where the affected client products are allowed to connect to. For example, this can be achived with Windows' built-in firewall by incoming rules for servers and outgoing rules for clients. Consider to minimize the ability of an attacker to hijack communication establishment from a client to a server. For example this can be achieved with the help of zones and conduits: Try to keep servers and clients within the same network zone and prevent intrusion into that zone. Try to enclose communication establishment within conduits like VPN channels (where one conduit can serve for many OPC UA connections) and prevent attackers from intruding into such channels. Consider updating the .NET Framework.
Vendor Fix
Update to a recent version of the affected product and update the .NET Framework.
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
TwinCAT OPC UA Client System Manager Extension included in TF6100 <4.3.46.0
Beckhoff / Software / TwinCAT OPC UA Client System Manager Extension included in TF6100
|
<4.3.46.0 | ||
|
TwinCAT OPC UA Configurator (Standalone) included in TF6100 <4.3.46.0
Beckhoff / Software / TwinCAT OPC UA Configurator (Standalone) included in TF6100
|
<4.3.46.0 | ||
|
TwinCAT OPC UA Configurator (Standalone) included in TS6100 <4.3.46.0
Beckhoff / Software / TwinCAT OPC UA Configurator (Standalone) included in TS6100
|
<4.3.46.0 | ||
|
TwinCAT OPC UA Configurator (Visual Studio) included in TF6100 <4.3.46.0
Beckhoff / Software / TwinCAT OPC UA Configurator (Visual Studio) included in TF6100
|
<4.3.46.0 | ||
|
TwinCAT OPC UA Sample Client included in TF6100 <4.3.46.0
Beckhoff / Software / TwinCAT OPC UA Sample Client included in TF6100
|
<4.3.46.0 | ||
|
TwinCAT OPC UA Sample Client included in TS6100 <4.3.46.0
Beckhoff / Software / TwinCAT OPC UA Sample Client included in TS6100
|
<4.3.46.0 | ||
|
TwinCAT Scope Server in TF3300 <3.4.3144.11
Beckhoff / Software / TwinCAT Scope Server in TF3300
|
<3.4.3144.11 | ||
|
TwinCAT Target Browser OPC UA Extension included in TF3300 <3.4.3144.11
Beckhoff / Software / TwinCAT Target Browser OPC UA Extension included in TF3300
|
<3.4.3144.11 | ||
|
TwinCAT Target Browser OPC UA Extension included in TF6100 <4.3.46.0
Beckhoff / Software / TwinCAT Target Browser OPC UA Extension included in TF6100
|
<4.3.46.0 | ||
|
TwinCAT Target Browser OPC UA Extension included in TF6720 <1.1.68.0
Beckhoff / Software / TwinCAT Target Browser OPC UA Extension included in TF6720
|
<1.1.68.0 |
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
TwinCAT OPC UA Client System Manager Extension included in TF6100 4.3.46.0
Beckhoff / Software / TwinCAT OPC UA Client System Manager Extension included in TF6100
|
4.3.46.0 | ||
|
TwinCAT OPC UA Configurator (Standalone) included in TF6100 4.3.46.0
Beckhoff / Software / TwinCAT OPC UA Configurator (Standalone) included in TF6100
|
4.3.46.0 | ||
|
TwinCAT OPC UA Configurator (Standalone) included in TS6100 4.3.46.0
Beckhoff / Software / TwinCAT OPC UA Configurator (Standalone) included in TS6100
|
4.3.46.0 | ||
|
TwinCAT OPC UA Configurator (Visual Studio) included in TF6100 4.3.46.0
Beckhoff / Software / TwinCAT OPC UA Configurator (Visual Studio) included in TF6100
|
4.3.46.0 | ||
|
TwinCAT OPC UA Sample Client included in TF6100 4.3.46.0
Beckhoff / Software / TwinCAT OPC UA Sample Client included in TF6100
|
4.3.46.0 | ||
|
TwinCAT OPC UA Sample Client included in TS6100 4.3.46.0
Beckhoff / Software / TwinCAT OPC UA Sample Client included in TS6100
|
4.3.46.0 | ||
|
TwinCAT Scope Server in TF3300 3.4.3144.11
Beckhoff / Software / TwinCAT Scope Server in TF3300
|
3.4.3144.11 | ||
|
TwinCAT Target Browser OPC UA Extension included in TF3300 3.4.3144.11
Beckhoff / Software / TwinCAT Target Browser OPC UA Extension included in TF3300
|
3.4.3144.11 | ||
|
TwinCAT Target Browser OPC UA Extension included in TF6100 4.3.46.0
Beckhoff / Software / TwinCAT Target Browser OPC UA Extension included in TF6100
|
4.3.46.0 | ||
|
TwinCAT Target Browser OPC UA Extension included in TF6720 1.1.68.0
Beckhoff / Software / TwinCAT Target Browser OPC UA Extension included in TF6720
|
1.1.68.0 |
The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise. users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters that can lead to full compromise of the device.
7.5 (High)
Mitigation
Consider limiting access to the network communication ports of affected server products. Also consider limiting where the affected client products are allowed to connect to. For example, this can be achived with Windows' built-in firewall by incoming rules for servers and outgoing rules for clients. Consider to minimize the ability of an attacker to hijack communication establishment from a client to a server. For example this can be achieved with the help of zones and conduits: Try to keep servers and clients within the same network zone and prevent intrusion into that zone. Try to enclose communication establishment within conduits like VPN channels (where one conduit can serve for many OPC UA connections) and prevent attackers from intruding into such channels. Consider updating the .NET Framework.
Vendor Fix
Update to a recent version of the affected product and update the .NET Framework.
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
TwinCAT OPC UA Client System Manager Extension included in TF6100 <4.3.46.0
Beckhoff / Software / TwinCAT OPC UA Client System Manager Extension included in TF6100
|
<4.3.46.0 | ||
|
TwinCAT OPC UA Configurator (Standalone) included in TF6100 <4.3.46.0
Beckhoff / Software / TwinCAT OPC UA Configurator (Standalone) included in TF6100
|
<4.3.46.0 | ||
|
TwinCAT OPC UA Configurator (Standalone) included in TS6100 <4.3.46.0
Beckhoff / Software / TwinCAT OPC UA Configurator (Standalone) included in TS6100
|
<4.3.46.0 | ||
|
TwinCAT OPC UA Configurator (Visual Studio) included in TF6100 <4.3.46.0
Beckhoff / Software / TwinCAT OPC UA Configurator (Visual Studio) included in TF6100
|
<4.3.46.0 | ||
|
TwinCAT OPC UA Sample Client included in TF6100 <4.3.46.0
Beckhoff / Software / TwinCAT OPC UA Sample Client included in TF6100
|
<4.3.46.0 | ||
|
TwinCAT OPC UA Sample Client included in TS6100 <4.3.46.0
Beckhoff / Software / TwinCAT OPC UA Sample Client included in TS6100
|
<4.3.46.0 | ||
|
TwinCAT Scope Server in TF3300 <3.4.3144.11
Beckhoff / Software / TwinCAT Scope Server in TF3300
|
<3.4.3144.11 | ||
|
TwinCAT Target Browser OPC UA Extension included in TF3300 <3.4.3144.11
Beckhoff / Software / TwinCAT Target Browser OPC UA Extension included in TF3300
|
<3.4.3144.11 | ||
|
TwinCAT Target Browser OPC UA Extension included in TF6100 <4.3.46.0
Beckhoff / Software / TwinCAT Target Browser OPC UA Extension included in TF6100
|
<4.3.46.0 | ||
|
TwinCAT Target Browser OPC UA Extension included in TF6720 <1.1.68.0
Beckhoff / Software / TwinCAT Target Browser OPC UA Extension included in TF6720
|
<1.1.68.0 |
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
TwinCAT OPC UA Client System Manager Extension included in TF6100 4.3.46.0
Beckhoff / Software / TwinCAT OPC UA Client System Manager Extension included in TF6100
|
4.3.46.0 | ||
|
TwinCAT OPC UA Configurator (Standalone) included in TF6100 4.3.46.0
Beckhoff / Software / TwinCAT OPC UA Configurator (Standalone) included in TF6100
|
4.3.46.0 | ||
|
TwinCAT OPC UA Configurator (Standalone) included in TS6100 4.3.46.0
Beckhoff / Software / TwinCAT OPC UA Configurator (Standalone) included in TS6100
|
4.3.46.0 | ||
|
TwinCAT OPC UA Configurator (Visual Studio) included in TF6100 4.3.46.0
Beckhoff / Software / TwinCAT OPC UA Configurator (Visual Studio) included in TF6100
|
4.3.46.0 | ||
|
TwinCAT OPC UA Sample Client included in TF6100 4.3.46.0
Beckhoff / Software / TwinCAT OPC UA Sample Client included in TF6100
|
4.3.46.0 | ||
|
TwinCAT OPC UA Sample Client included in TS6100 4.3.46.0
Beckhoff / Software / TwinCAT OPC UA Sample Client included in TS6100
|
4.3.46.0 | ||
|
TwinCAT Scope Server in TF3300 3.4.3144.11
Beckhoff / Software / TwinCAT Scope Server in TF3300
|
3.4.3144.11 | ||
|
TwinCAT Target Browser OPC UA Extension included in TF3300 3.4.3144.11
Beckhoff / Software / TwinCAT Target Browser OPC UA Extension included in TF3300
|
3.4.3144.11 | ||
|
TwinCAT Target Browser OPC UA Extension included in TF6100 4.3.46.0
Beckhoff / Software / TwinCAT Target Browser OPC UA Extension included in TF6100
|
4.3.46.0 | ||
|
TwinCAT Target Browser OPC UA Extension included in TF6720 1.1.68.0
Beckhoff / Software / TwinCAT Target Browser OPC UA Extension included in TF6720
|
1.1.68.0 |
References
3 references
Acknowledgments
CERT@VDE
certvde.com
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "The affected products can act as OPC UA client or server and are vulnerable to two different kind of attacks via\nthe OPC UA protocol. For both cases the attacker can send packets via the OPC UA protocol without the need to\nauthenticate and\n\n1. provoke a stack overflow resulting in denial of service of the product or\n2. make the product disclose information to the attacker without authorization.",
"title": "Summary"
},
{
"category": "description",
"text": "For both kinds of attacks the attacker needs to use a specifically crafted OPC UA client when attacking an OPC UA server respectively needs to use a specifically crafted OPC UA server when attacking an OPC UA client. For attacking a server the attacker needs to be able to establish a TCP connection to that server. For attacking a client the attacker needs to be able to make the client connect to the attacker\u0027s server. For all cases it is sufficient if after the establishment of the TCP connection the attacker lets the specifically crafted application (client or server) respond with a sequence of specifically crafted network packets. No authentication is required by the attacker.\n\nFor the first kind of attack the specifically crafted network packets cause a stack overflow as consequence of an uncontrolled recursion when the attacked application (client or server) processes them. With the components of the product described above, this attack results in a denial of service because the components become unavailable and need to be restarted manually after the attack.\n\nFor the second kind of attack the specifically crafted network packets cause the attacked application to resolve XML entities which allows the inclusion of contents from files on disk as far as they are accessible to the attacked application. Further processing of XML entities allow the resulting XML content to be posted to an HTTP server of the attackers choice. This allows the disclosure of file content from the computer the attacked application is running on even though the attacker is not required to authenticate nor to have access to these files.\n\nThe second attack is possible only if an outdated version of a .NET Framework from Microsoft is used. For more information like vulnerable and fixed versions of the .NET Framework, please see CVE-2015-6096 external link.\n\nSince TCP connections are routable the attacker may perform all these kinds of exploits from remote if there is no firewall set up which limits the access for example to the TCP ports which the OPC UA application is using. The attacker does not need to have a local account at the device or OPC UA server nor is any authentication required for the attack.",
"title": "Impact"
},
{
"category": "description",
"text": "Consider limiting access to the network communication ports of affected server products. Also consider limiting where the affected client products are allowed to connect to. For example, this can be achived with Windows\u0027 built-in firewall by incoming rules for servers and outgoing rules for clients. Consider to minimize the ability of an attacker to hijack communication establishment from a client to a server. For example this can be achieved with the help of zones and conduits: Try to keep servers and clients within the same network zone and prevent intrusion into that zone. Try to enclose communication establishment within conduits like VPN channels (where one conduit can serve for many OPC UA connections) and prevent attackers from intruding into such channels. Consider updating the .NET Framework.",
"title": "Mitigation"
},
{
"category": "description",
"text": "Update to a recent version of the affected product and update the .NET Framework.",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "product-securityincident@beckhoff.com",
"name": "Beckhoff Automation GmbH \u0026 Co. KG",
"namespace": "https://www.beckhoff.com"
},
"references": [
{
"category": "external",
"summary": "CERT@VDE Security Advisories for Beckhoff",
"url": "https://certvde.com/de/advisories/vendor/beckhoff/"
},
{
"category": "self",
"summary": "VDE-2021-008: Beckhoff: Stack Overflow and XXE vulnerability in various OPC UA products - HTML",
"url": "https://certvde.com/de/advisories/vde-2021-008/"
},
{
"category": "self",
"summary": "VDE-2021-008: Beckhoff: Stack Overflow and XXE vulnerability in various OPC UA products - CSAF",
"url": "https://beckhoff.csaf-tp.certvde.com/.well-known/csaf/white/2024/vde-2021-008.json"
}
],
"title": "Beckhoff: Stack Overflow and XXE vulnerability in various OPC UA products",
"tracking": {
"aliases": [
"VDE-2021-008"
],
"current_release_date": "2025-05-22T13:03:10.000Z",
"generator": {
"date": "2025-04-11T07:25:35.560Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.23"
}
},
"id": "VDE-2021-008",
"initial_release_date": "2024-10-21T08:00:00.000Z",
"revision_history": [
{
"date": "2021-05-19T09:04:00.000Z",
"number": "1",
"summary": "Initial revision."
},
{
"date": "2025-01-16T11:40:00.000Z",
"number": "2",
"summary": "Fix: list of branches, references "
},
{
"date": "2025-04-11T07:00:00.000Z",
"number": "3",
"summary": "Fix: version range"
},
{
"date": "2025-05-22T13:03:10.000Z",
"number": "4",
"summary": "Fix: quotation mark"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.3.46.0",
"product": {
"name": "TwinCAT OPC UA Client System Manager Extension included in TF6100 \u003c4.3.46.0",
"product_id": "CSAFPID-51001"
}
},
{
"category": "product_version",
"name": "4.3.46.0",
"product": {
"name": "TwinCAT OPC UA Client System Manager Extension included in TF6100 4.3.46.0",
"product_id": "CSAFPID-52001"
}
}
],
"category": "product_name",
"name": "TwinCAT OPC UA Client System Manager Extension included in TF6100"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.3.46.0",
"product": {
"name": "TwinCAT OPC UA Configurator (Standalone) included in TF6100 \u003c4.3.46.0",
"product_id": "CSAFPID-51002"
}
},
{
"category": "product_version",
"name": "4.3.46.0",
"product": {
"name": "TwinCAT OPC UA Configurator (Standalone) included in TF6100 4.3.46.0",
"product_id": "CSAFPID-52002"
}
}
],
"category": "product_name",
"name": "TwinCAT OPC UA Configurator (Standalone) included in TF6100"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.3.46.0",
"product": {
"name": "TwinCAT OPC UA Configurator (Standalone) included in TS6100 \u003c4.3.46.0",
"product_id": "CSAFPID-51003"
}
},
{
"category": "product_version",
"name": "4.3.46.0",
"product": {
"name": "TwinCAT OPC UA Configurator (Standalone) included in TS6100 4.3.46.0",
"product_id": "CSAFPID-52003"
}
}
],
"category": "product_name",
"name": "TwinCAT OPC UA Configurator (Standalone) included in TS6100"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.3.46.0",
"product": {
"name": "TwinCAT OPC UA Configurator (Visual Studio) included in TF6100 \u003c4.3.46.0",
"product_id": "CSAFPID-51004"
}
},
{
"category": "product_version",
"name": "4.3.46.0",
"product": {
"name": "TwinCAT OPC UA Configurator (Visual Studio) included in TF6100 4.3.46.0",
"product_id": "CSAFPID-52004"
}
}
],
"category": "product_name",
"name": "TwinCAT OPC UA Configurator (Visual Studio) included in TF6100"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.3.46.0",
"product": {
"name": "TwinCAT OPC UA Sample Client included in TF6100 \u003c4.3.46.0",
"product_id": "CSAFPID-51005"
}
},
{
"category": "product_version",
"name": "4.3.46.0",
"product": {
"name": "TwinCAT OPC UA Sample Client included in TF6100 4.3.46.0",
"product_id": "CSAFPID-52005"
}
}
],
"category": "product_name",
"name": "TwinCAT OPC UA Sample Client included in TF6100"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.3.46.0",
"product": {
"name": "TwinCAT OPC UA Sample Client included in TS6100 \u003c4.3.46.0",
"product_id": "CSAFPID-51006"
}
},
{
"category": "product_version",
"name": "4.3.46.0",
"product": {
"name": "TwinCAT OPC UA Sample Client included in TS6100 4.3.46.0",
"product_id": "CSAFPID-52006"
}
}
],
"category": "product_name",
"name": "TwinCAT OPC UA Sample Client included in TS6100"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c3.4.3144.11",
"product": {
"name": "TwinCAT Scope Server in TF3300 \u003c3.4.3144.11",
"product_id": "CSAFPID-51007"
}
},
{
"category": "product_version",
"name": " 3.4.3144.11",
"product": {
"name": "TwinCAT Scope Server in TF3300 3.4.3144.11",
"product_id": "CSAFPID-52007"
}
}
],
"category": "product_name",
"name": "TwinCAT Scope Server in TF3300"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c3.4.3144.11",
"product": {
"name": "TwinCAT Target Browser OPC UA Extension included in TF3300 \u003c3.4.3144.11",
"product_id": "CSAFPID-51008"
}
},
{
"category": "product_version",
"name": " 3.4.3144.11",
"product": {
"name": "TwinCAT Target Browser OPC UA Extension included in TF3300 3.4.3144.11",
"product_id": "CSAFPID-52008"
}
}
],
"category": "product_name",
"name": "TwinCAT Target Browser OPC UA Extension included in TF3300"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.3.46.0",
"product": {
"name": "TwinCAT Target Browser OPC UA Extension included in TF6100 \u003c4.3.46.0",
"product_id": "CSAFPID-51009"
}
},
{
"category": "product_version",
"name": "4.3.46.0",
"product": {
"name": "TwinCAT Target Browser OPC UA Extension included in TF6100 4.3.46.0",
"product_id": "CSAFPID-52009"
}
}
],
"category": "product_name",
"name": "TwinCAT Target Browser OPC UA Extension included in TF6100"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.1.68.0",
"product": {
"name": "TwinCAT Target Browser OPC UA Extension included in TF6720 \u003c1.1.68.0",
"product_id": "CSAFPID-510010"
}
},
{
"category": "product_version",
"name": "1.1.68.0",
"product": {
"name": "TwinCAT Target Browser OPC UA Extension included in TF6720 1.1.68.0",
"product_id": "CSAFPID-52010"
}
}
],
"category": "product_name",
"name": "TwinCAT Target Browser OPC UA Extension included in TF6720"
}
],
"category": "product_family",
"name": "Software"
}
],
"category": "vendor",
"name": "Beckhoff"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004",
"CSAFPID-51005",
"CSAFPID-51006",
"CSAFPID-51007",
"CSAFPID-51008",
"CSAFPID-51009",
"CSAFPID-510010"
],
"summary": "Affected products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-52001",
"CSAFPID-52002",
"CSAFPID-52003",
"CSAFPID-52004",
"CSAFPID-52005",
"CSAFPID-52006",
"CSAFPID-52007",
"CSAFPID-52008",
"CSAFPID-52009",
"CSAFPID-52010"
],
"summary": "Fixed Products."
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-27432",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001",
"CSAFPID-52002",
"CSAFPID-52003",
"CSAFPID-52004",
"CSAFPID-52005",
"CSAFPID-52006",
"CSAFPID-52007",
"CSAFPID-52008",
"CSAFPID-52009",
"CSAFPID-52010"
],
"known_affected": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004",
"CSAFPID-51005",
"CSAFPID-51006",
"CSAFPID-51007",
"CSAFPID-51008",
"CSAFPID-51009",
"CSAFPID-510010"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Consider limiting access to the network communication ports of affected server products. Also consider limiting where the affected client products are allowed to connect to. For example, this can be achived with Windows\u0027 built-in firewall by incoming rules for servers and outgoing rules for clients. Consider to minimize the ability of an attacker to hijack communication establishment from a client to a server. For example this can be achieved with the help of zones and conduits: Try to keep servers and clients within the same network zone and prevent intrusion into that zone. Try to enclose communication establishment within conduits like VPN channels (where one conduit can serve for many OPC UA connections) and prevent attackers from intruding into such channels. Consider updating the .NET Framework.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to a recent version of the affected product and update the .NET Framework.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004",
"CSAFPID-51005",
"CSAFPID-51006",
"CSAFPID-51007",
"CSAFPID-51008",
"CSAFPID-51009",
"CSAFPID-510010"
]
}
],
"title": "CVE-2021-27432"
},
{
"cve": "CVE-2021-27434",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could\nlead to unauthenticated remote code execution and full system compromise.\nusers should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device\nparameters that can lead to full compromise of the device.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001",
"CSAFPID-52002",
"CSAFPID-52003",
"CSAFPID-52004",
"CSAFPID-52005",
"CSAFPID-52006",
"CSAFPID-52007",
"CSAFPID-52008",
"CSAFPID-52009",
"CSAFPID-52010"
],
"known_affected": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004",
"CSAFPID-51005",
"CSAFPID-51006",
"CSAFPID-51007",
"CSAFPID-51008",
"CSAFPID-51009",
"CSAFPID-510010"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Consider limiting access to the network communication ports of affected server products. Also consider limiting where the affected client products are allowed to connect to. For example, this can be achived with Windows\u0027 built-in firewall by incoming rules for servers and outgoing rules for clients. Consider to minimize the ability of an attacker to hijack communication establishment from a client to a server. For example this can be achieved with the help of zones and conduits: Try to keep servers and clients within the same network zone and prevent intrusion into that zone. Try to enclose communication establishment within conduits like VPN channels (where one conduit can serve for many OPC UA connections) and prevent attackers from intruding into such channels. Consider updating the .NET Framework.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to a recent version of the affected product and update the .NET Framework.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004",
"CSAFPID-51005",
"CSAFPID-51006",
"CSAFPID-51007",
"CSAFPID-51008",
"CSAFPID-51009",
"CSAFPID-510010"
]
}
],
"title": "CVE-2021-27434"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…