CVE-2021-27432 HIGH

Published: 2021-05-20 | Last Modified: 2024-11-21 | Status: Modified

Description

OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow.

Additional Descriptions (1)

OPC Foundation UA ??.NET Standard versiones anteriores a 1.4.365.48 y OPC UA .NET Legacy, son vulnerables a una recursividad no controlada, que puede permitir a un atacante desencadenar un desbordamiento de pila

CVSS Metrics

Base Score: 7.5 (HIGH)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector	NETWORK
Attack Complexity	LOW
Privileges Required	NONE
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	NONE
Integrity Impact	NONE
Availability Impact	HIGH

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 3.6

Base Score: 5.0 (MEDIUM)

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector	NETWORK
Access Complexity	LOW
Authentication	NONE
Confidentiality Impact	NONE
Integrity Impact	NONE
Availability Impact	PARTIAL

Source: [email protected]

Type: Primary

Exploitability Score: 10.0

Impact Score: 2.9

Weaknesses

Source	Type	Description
[email protected]	Secondary	en CWE-674

Affected Products

Vendor	Product	Version	Update	Type
opcfoundation	ua-.net-legacy	-	<built-in method update of dict object at 0x72a9b0c9b900>	Application
opcfoundation	ua_.net_standard_stack	*	<built-in method update of dict object at 0x72a9b0734d00>	Application

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:opcfoundation:ua-.net-legacy:-:::::::*`
Yes	`cpe:2.3:a:opcfoundation:ua_.net_standard_stack::::::::`

References

https://us-cert.cisa.gov/ics/advisories/icsa-21-133-03
Source: [email protected]

Third Party Advisory US Government Resource
https://us-cert.cisa.gov/ics/advisories/icsa-21-133-03
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory US Government Resource