CVE-2021-40142: Buffer Overflow
First published: Fri Aug 27 2021(Updated: )
In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory Location After the End of a Buffer.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Opcfoundation Local Discover Server | <1.04.402.463 | |
| Siemens Simatic Process Historian Opc Ua Server Firmware | <2022 | |
| Siemens Simatic Process Historian Opc Ua Server Firmware | =2022 | |
| Siemens Simatic Process Historian Opc Ua Server | ||
| Siemens Simatic Net Pc | =14 | |
| Siemens Simatic Net Pc | =15 | |
| Siemens Simatic Net Pc | =16 | |
| Siemens Simatic Net Pc | =17 | |
| Siemens Simatic WinCC | ||
| Siemens Simatic Wincc Runtime | ||
| Siemens Simatic Wincc Unified Scada Runtime | ||
| Siemens Telecontrol Server Basic | =3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-40142?
CVE-2021-40142 is a vulnerability in OPC Foundation Local Discovery Server (LDS) before 1.04.402.463 that can lead to a denial of service (DoS) by sending specially crafted messages.
Which software is affected by CVE-2021-40142?
The affected software includes Opcfoundation Local Discover Server (up to version 1.04.402.463), Siemens Simatic Process Historian Opc Ua Server Firmware (up to version 2022), and Siemens Simatic Net Pc (versions 14, 15, 16, and 17).
What is the severity of CVE-2021-40142?
CVE-2021-40142 has a severity rating of 7.5 (high).
How can I fix CVE-2021-40142?
To fix CVE-2021-40142, update to the latest version of OPC Foundation Local Discovery Server (LDS) (1.04.402.463 or higher) and apply any patches or updates provided by Siemens for their affected software.
Where can I find more information about CVE-2021-40142?
You can find more information about CVE-2021-40142 in the Siemens ProductCERT advisory, the OPC Foundation Security Bulletin, and the CERT-CC vulnerability note.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/description
- agent/tags
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/remedy
- agent/last-modified-date
- vendor/opcfoundation
- canonical/opcfoundation local discover server
- vendor/siemens
- canonical/siemens simatic process historian opc ua server firmware
- version/siemens simatic process historian opc ua server firmware/2022
- canonical/siemens simatic process historian opc ua server
- canonical/siemens simatic net pc
- version/siemens simatic net pc/14
- version/siemens simatic net pc/15
- version/siemens simatic net pc/16
- version/siemens simatic net pc/17
- canonical/siemens simatic wincc
- canonical/siemens simatic wincc runtime
- canonical/siemens simatic wincc unified scada runtime
- canonical/siemens telecontrol server basic
- version/siemens telecontrol server basic/3.0