VDB
SSA-321292
SSA-321292
PUBLISHED
CVSS 7.5 HIGH
In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service condition by sending carefully crafted messages that lead to access of a memory location after the end of a buffer.
Risk Scores
CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | OpenPCS 7 V9.1 | |
| Siemens | SIMATIC NET PC Software V16 | |
| Siemens | SIMATIC Process Historian OPC UA Server | |
| Siemens | SIMATIC NET PC Software V17 | |
| Siemens | SIMATIC WinCC Unified PC Runtime V18 | |
| Siemens | SIMATIC NET PC Software V15 | |
| Siemens | SIMATIC WinCC Runtime Professional | |
| Siemens | SIMATIC NET PC Software V14 | |
| Siemens | TeleControl Server Basic V3 | |
| Siemens | SIMATIC WinCC |
Timeline
- May 10, 2022 CVE Published
- Oct 8, 2024 CVE Updated
References
- https://cert-portal.siemens.com/productcert/csaf/ssa-321292.json advisory
- https://cert-portal.siemens.com/productcert/html/ssa-321292.html advisory
- https://support.industry.siemens.com/cs/ww/en/view/109807351/ patch
- https://support.industry.siemens.com/cs/ww/en/view/109813587/ patch
- https://support.industry.siemens.com/cs/ww/en/view/109807123/ patch
- https://support.industry.siemens.com/cs/ww/en/view/109812231/ patch
- https://support.industry.siemens.com/cs/ww/en/view/109816599/ patch