CVE-2021-40142

HIGH

OPC Foundation Local Discovery Server < 1.04.402.463 - Denial of Service via Crafted Messages

Title source: llm

Description

In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory Location After the End of a Buffer.

References (3)

Core 3

Core References

Vendor Advisory x_refsource_misc

https://opcfoundation.org/security-bulletins/

Patch, Vendor Advisory x_refsource_misc

https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2021-40142.pdf

Patch, Third Party Advisory x_refsource_confirm

https://cert-portal.siemens.com/productcert/pdf/ssa-321292.pdf

Scores

CVSS v3 7.5

EPSS 0.0050

EPSS Percentile 66.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-119

Status published

Products (11)

opcfoundation/local_discover_server < 1.04.402.463

siemens/simatic_net_pc 14

siemens/simatic_net_pc 15

siemens/simatic_net_pc 16

siemens/simatic_net_pc 17

siemens/simatic_process_historian_opc_ua_server_firmware 2022

siemens/simatic_process_historian_opc_ua_server_firmware < 2022

siemens/simatic_wincc

siemens/simatic_wincc_runtime

siemens/simatic_wincc_unified_scada_runtime

... and 1 more

Published Aug 27, 2021

Tracked Since Feb 18, 2026