CVE-2021-27434 – This vulnerability in Unified Automation .NET b... (How to Fix)

Q: What is the severity of CVE-2021-27434?

CVE-2021-27434 has a CVSS score of 7.5 (HIGH). This vulnerability in Unified Automation .NET based OPC UA Client/Server SDK allows attackers to trigger a stack overflow via uncontrolled recursion. Affected systems include industrial control systems using vulnerable versions of this SDK for OPC UA communications.

📋 TL;DR

This vulnerability in Unified Automation .NET based OPC UA Client/Server SDK allows attackers to trigger a stack overflow via uncontrolled recursion. Affected systems include industrial control systems using vulnerable versions of this SDK for OPC UA communications.

💻 Affected Systems

Products:

Unified Automation .NET based OPC UA Client/Server SDK Bundle

Versions: V3.0.7 and prior

Operating Systems: Windows (any running .NET Framework 3.5, 4.0, or 4.5)

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects .NET Framework versions 3.5, 4.0, and 4.5 implementations. Other framework versions are not vulnerable.

📦 What is this software?

.net Based Opc Ua Client\/server Sdk by Unified Automation

View all CVEs affecting .net Based Opc Ua Client\/server Sdk →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system crash leading to denial of service in industrial control environments, potentially disrupting critical operations.

🟠

Likely Case

Service disruption through stack overflow crashes affecting OPC UA communications in industrial environments.

🟢

If Mitigated

Limited impact with proper network segmentation and monitoring in place.

🌐 Internet-Facing: MEDIUM - Exploitable if OPC UA endpoints are exposed to untrusted networks, but industrial systems often have limited internet exposure.

🏢 Internal Only: HIGH - Industrial networks often have flat architectures where internal attackers could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

The vulnerability requires sending specially crafted OPC UA messages to trigger the recursion.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V3.0.8 or later

Vendor Advisory: https://us-cert.cisa.gov/ics/advisories/icsa-21-133-04

Restart Required: Yes

Instructions:

1. Download Unified Automation .NET OPC UA SDK version 3.0.8 or later. 2. Replace vulnerable SDK components. 3. Recompile applications using the updated SDK. 4. Restart affected services and applications.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate OPC UA systems from untrusted networks using firewalls and network segmentation.

OPC UA Security Configuration

all

Implement OPC UA security best practices including certificate-based authentication and message signing.

🧯 If You Can't Patch

Implement strict network access controls to limit OPC UA traffic to trusted sources only.
Monitor for abnormal OPC UA message patterns and stack overflow events in system logs.

🔍 How to Verify

Check if Vulnerable:

Check SDK version in application dependencies or installed components for versions 3.0.7 or earlier.

Check Version:

Check application configuration files or SDK installation directory for version information.

Verify Fix Applied:

Verify SDK version is 3.0.8 or later and test OPC UA functionality with normal operations.

📡 Detection & Monitoring

Log Indicators:

Stack overflow errors in application logs
Abnormal OPC UA message processing errors
Service crashes related to OPC UA components

Network Indicators:

Unusual volume of OPC UA messages from single sources
Malformed OPC UA protocol messages

SIEM Query:

source="OPC-UA" AND (event_type="stack_overflow" OR event_type="service_crash")

📊 Metadata

CVE ID: CVE-2021-27434

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-200

Published: May 20, 2021

Last Updated: November 21, 2024

🔗 References

https://us-cert.cisa.gov/ics/advisories/icsa-21-133-04 Third Party Advisory,US Government Resource
https://us-cert.cisa.gov/ics/advisories/icsa-21-133-04 Third Party Advisory,US Government Resource

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-27434, you might also want to check these: