CVE-2021-42577

7.5 HIGH

📋 TL;DR

This vulnerability in Softing OPC UA C++ SDK allows remote attackers to crash client applications by sending a specially crafted OPC/UA abort packet, causing a NULL pointer dereference. It affects systems using Softing OPC UA C++ SDK versions before 5.70. The crash can lead to denial of service for OPC/UA communication.

💻 Affected Systems

Products:
  • Softing OPC UA C++ SDK
Versions: All versions before 5.70
Operating Systems: All platforms supported by the SDK
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects client applications using the SDK, not server implementations. Any application built with vulnerable SDK versions is affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete denial of service for OPC/UA communication, potentially disrupting industrial control systems or SCADA operations that rely on this SDK.

🟠 Likely Case

Client application crashes, requiring manual restart and causing temporary disruption to OPC/UA data exchange.

🟢 If Mitigated

No impact if patched or if network controls prevent malicious packets from reaching vulnerable systems.

🌐 Internet-Facing: MEDIUM - While OPC/UA systems are often internal, internet-exposed instances could be targeted for DoS attacks.
🏢 Internal Only: MEDIUM - Internal attackers or compromised systems could exploit this to disrupt industrial communications.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending a malformed OPC/UA abort packet to a vulnerable client. No authentication needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.70 and later

Vendor Advisory: https://industrial.softing.com/fileadmin/sof-files/pdf/ia/support/Security_Bulletin_CVE-2021-42577.pdf

Restart Required: Yes

Instructions:

1. Download Softing OPC UA C++ SDK version 5.70 or later from the Softing website.
2. Replace the existing SDK installation with the new version.
3. Recompile and redeploy any applications using the SDK.
4. Restart affected applications.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict network access to OPC/UA clients to trusted sources only

Firewall Rules

all

Implement firewall rules to block unexpected OPC/UA traffic

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate OPC/UA systems
  • Deploy intrusion detection systems to monitor for malformed OPC/UA packets

🔍 How to Verify

Check if Vulnerable:

Check SDK version in application build configuration or linked libraries. If using SDK version <5.70, system is vulnerable.

Check Version:

Check SDK version in project configuration files or contact application vendor for version information.

Verify Fix Applied:

Verify SDK version is 5.70 or later in application configuration and libraries.

📡 Detection & Monitoring

Log Indicators:

  • Application crash logs mentioning OPC/UA client
  • Unexpected process termination of OPC/UA applications

Network Indicators:

  • Malformed OPC/UA abort packets in network traffic
  • Unusual OPC/UA protocol violations

SIEM Query:

Process termination events for OPC/UA client applications OR network traffic containing OPC/UA abort packets with abnormal structure
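
To make the "abort packets with abnormal structure" indicator concrete, the following added example (not code from Softing or from this advisory) checks the structure of an OPC UA `MSG` abort chunk (chunk type `A`) against the general OPC UA binary layout. The advisory does not describe the exact malformation, so this is a conformance check rather than a signature for this CVE. It assumes one complete chunk per input and an unencrypted body (SecurityMode None or Sign); the function names and sample chunks are constructed for illustration.

```python
import struct

HEADER = struct.Struct("<3scI")  # MessageType, chunk type, MessageSize (little-endian)
BODY_OFFSET = 24  # 8 header + 4 SecureChannelId + 4 TokenId + 8 sequence header

def inspect_abort_chunk(chunk: bytes):
    """Return None if chunk is not a MSG abort chunk, else a list of findings."""
    if len(chunk) < HEADER.size:
        return None
    msg_type, chunk_type, size = HEADER.unpack_from(chunk)
    if msg_type != b"MSG" or chunk_type != b"A":
        return None
    findings = []
    if size != len(chunk):
        findings.append(f"MessageSize {size} != captured length {len(chunk)}")
    # An abort body carries Error (UInt32) followed by Reason (Int32 length + bytes).
    if len(chunk) < BODY_OFFSET + 8:
        findings.append("abort body too short for Error and Reason")
        return findings
    _error, reason_len = struct.unpack_from("<Ii", chunk, BODY_OFFSET)
    remaining = len(chunk) - (BODY_OFFSET + 8)
    if reason_len < -1:  # -1 encodes a null string; anything lower is invalid
        findings.append(f"invalid Reason length {reason_len}")
    elif reason_len > remaining:
        findings.append(f"Reason length {reason_len} overruns chunk ({remaining} bytes left)")
    return findings

def build_abort(error: int, reason_field: bytes, declared=None) -> bytes:
    """Build a constructed abort chunk for testing the checker."""
    prefix = struct.pack("<IIII", 1, 1, 2, 3)  # channel id, token id, sequence no, request id
    body = struct.pack("<I", error) + reason_field
    size = HEADER.size + len(prefix) + len(body) if declared is None else declared
    return HEADER.pack(b"MSG", b"A", size) + prefix + body

# Constructed samples: status code and reason text are illustrative only.
GOOD = build_abort(0x80010000, struct.pack("<i", 7) + b"timeout")
SHORT = build_abort(0x80010000, b"")
OVERRUN = build_abort(0x80010000, struct.pack("<i", 4096) + b"x")
BAD_SIZE = build_abort(0x80010000, struct.pack("<i", -1), declared=9999)
FINAL = HEADER.pack(b"MSG", b"F", 8)

if __name__ == "__main__":
    for name in ("GOOD", "SHORT", "OVERRUN", "BAD_SIZE", "FINAL"):
        print(name, inspect_abort_chunk(globals()[name]))
```

A non-empty findings list is the condition worth alerting on and correlating with the client crash events listed under Log Indicators.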
