What is CVE-2021-40873?

CVE-2021-40873 is a vulnerability in Softing Industrial Automation OPC UA C++ SDK before 5.66 and uaToolkit Embedded before 1.40, which allows remote attackers to cause a denial of service (DoS) by sending crafted messages to a client or server.

What is the severity of CVE-2021-40873?

CVE-2021-40873 has a severity score of 7.5 (high).

Which software is affected by CVE-2021-40873?

The following software are affected by CVE-2021-40873: Softing Datafeed Opc Suite (up to version 5.18), Softing Edgeconnector (up to version 2.31), Softing OPC (up to version 5.66), Softing Secure Integration Server (up to version 1.22), Softing Th Scope (from version 3.5), Softing Uagates (up to version 1.73), and Softing uaToolkit Embedded (up to version 1.40).

How can CVE-2021-40873 be exploited?

CVE-2021-40873 can be exploited by sending crafted messages to a client or server, which can cause a denial of service (DoS) by crashing the server process due to a double free.

Is there a fix available for CVE-2021-40873?

Yes, Softing Industrial Automation has released a fix for CVE-2021-40873. It is recommended to update to the latest version of the affected software to mitigate the vulnerability.

Vulnerability/
CVE-2021-40873

high

7.5

CWE

415

10/11/2021

4/8/2024

CVE-2021-40873: Double Free

First published: Wed Nov 10 2021(Updated: )

An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66, and uaToolkit Embedded before 1.40. Remote attackers to cause a denial of service (DoS) by sending crafted messages to a client or server. The server process may crash unexpectedly because of a double free, and must be restarted.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Softing Datafeed Opc Suite	<5.18
Softing edgeConnector	<=2.31
Softing OPC	<5.66
Softing Secure Integration Server	<=1.22
Softing TH SCOPE	>=3.5
Softing Uagates	<1.73
Softing uaToolkit Embedded	<1.40

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2021-40873?
CVE-2021-40873 is a vulnerability in Softing Industrial Automation OPC UA C++ SDK before 5.66 and uaToolkit Embedded before 1.40, which allows remote attackers to cause a denial of service (DoS) by sending crafted messages to a client or server.
What is the severity of CVE-2021-40873?
CVE-2021-40873 has a severity score of 7.5 (high).
Which software is affected by CVE-2021-40873?
The following software are affected by CVE-2021-40873: Softing Datafeed Opc Suite (up to version 5.18), Softing Edgeconnector (up to version 2.31), Softing OPC (up to version 5.66), Softing Secure Integration Server (up to version 1.22), Softing Th Scope (from version 3.5), Softing Uagates (up to version 1.73), and Softing uaToolkit Embedded (up to version 1.40).
How can CVE-2021-40873 be exploited?
CVE-2021-40873 can be exploited by sending crafted messages to a client or server, which can cause a denial of service (DoS) by crashing the server process due to a double free.
Is there a fix available for CVE-2021-40873?
Yes, Softing Industrial Automation has released a fix for CVE-2021-40873. It is recommended to update to the latest version of the affected software to mitigate the vulnerability.

agent/references
agent/type
agent/last-modified-date
agent/first-publish-date
agent/severity
agent/weakness
agent/author
agent/description
agent/tags
agent/event
collector/nvd-index
agent/software-canonical-lookup-request
agent/softwarecombine
collector/mitre-cve
source/MITRE
vendor/softing
canonical/softing datafeed opc suite
canonical/softing edgeconnector
version/softing edgeconnector/2.31
canonical/softing opc
canonical/softing secure integration server
version/softing secure integration server/1.22
canonical/softing th scope
version/softing th scope/3.5
canonical/softing uagates
canonical/softing uatoolkit embedded

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.