CVE-2021-38487 – This vulnerability in RTI Connext Professional ... (How to Fix)

Q: What is the severity of CVE-2021-38487?

CVE-2021-38487 has a CVSS score of 8.2 (HIGH). This vulnerability in RTI Connext Professional and Micro allows attackers to send specially crafted packets that flood target devices with unwanted traffic, causing denial-of-service conditions and potential information exposure. It affects industrial control systems and IoT devices using vulnerable RTI middleware versions.

📋 TL;DR

This vulnerability in RTI Connext Professional and Micro allows attackers to send specially crafted packets that flood target devices with unwanted traffic, causing denial-of-service conditions and potential information exposure. It affects industrial control systems and IoT devices using vulnerable RTI middleware versions.

💻 Affected Systems

Products:

RTI Connext Professional
RTI Connext Micro

Versions: Connext Professional 4.1 to 6.1.0; Connext Micro 2.4 and later

Operating Systems: All supported platforms where RTI middleware runs

Default Config Vulnerable: ⚠️ Yes

Notes: Affects all deployments using vulnerable versions, regardless of configuration. Industrial control systems and IoT devices are particularly at risk.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Critical systems become unavailable, sensitive operational data is exposed, and cascading failures affect dependent systems in industrial environments.

🟠

Likely Case

Targeted devices experience service degradation or complete denial-of-service, disrupting operations in industrial control or IoT deployments.

🟢

If Mitigated

Limited impact with proper network segmentation and traffic filtering, potentially causing temporary performance issues but no data exposure.

🌐 Internet-Facing: HIGH - Directly exposed devices can be targeted from anywhere on the internet with simple packet flooding.

🏢 Internal Only: MEDIUM - Internal attackers or compromised systems can still exploit this, but requires network access to vulnerable devices.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires only network access to vulnerable devices and ability to send crafted packets. No authentication needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Connext Professional 6.1.1 and later; Connext Micro 3.0.3 and later

Vendor Advisory: https://www.rti.com/vulnerabilities/#cve-2021-38487

Restart Required: Yes

Instructions:

1. Download patched version from RTI support portal. 2. Backup current configuration. 3. Install update following vendor documentation. 4. Restart affected services. 5. Verify functionality.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate vulnerable devices in protected network segments with strict firewall rules

Traffic Filtering

linux

Implement network filtering to block suspicious packet patterns targeting RTI ports

iptables -A INPUT -p udp --dport 7400:7500 -m string --algo bm --hex-string '|01 00 00 00|' -j DROP

🧯 If You Can't Patch

Implement strict network access controls to limit which systems can communicate with vulnerable devices
Deploy intrusion detection systems to monitor for packet flooding patterns and alert on suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check RTI version using vendor tools or system package manager. Vulnerable if: Connext Professional 4.1-6.1.0 or Connext Micro ≥2.4

Check Version:

rtiddsgen -version (for Connext Professional) or check application logs for version information

Verify Fix Applied:

Verify installed version is Connext Professional ≥6.1.1 or Connext Micro ≥3.0.3. Test with legitimate traffic to ensure functionality.

📡 Detection & Monitoring

Log Indicators:

Unusual traffic spikes
Service disruption logs
Connection timeouts
Resource exhaustion warnings

Network Indicators:

High volume of small packets to RTI ports (typically 7400-7500)
Abnormal packet patterns from single sources
UDP flood patterns

SIEM Query:

source_ip_count > 100 AND dest_port IN (7400, 7401, 7402, 7500) AND protocol = UDP WITHIN 1 MINUTE

📊 Metadata

CVE ID: CVE-2021-38487

CVSS v3 Score: 8.2 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

CWE: CWE-406

Published: May 5, 2022

Last Updated: June 23, 2025

🔗 References

https://support.rti.com/s/login/?ec=302&startURL=%2Fs%2F Permissions Required,Vendor Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-21-315-02 Third Party Advisory,US Government Resource
https://www.rti.com/vulnerabilities/#cve-2021-38487
https://support.rti.com/s/login/?ec=302&startURL=%2Fs%2F Permissions Required,Vendor Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-21-315-02 Third Party Advisory,US Government Resource

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-38487, you might also want to check these: