{ "document": { "category": "csaf_security_advisory", "csaf_version": "2.0", "publisher": { "category": "vendor", "name": "Softing Industrial Automation GmbH", "namespace": "https://industrial.softing.com", "contact_details": "Softing PSIRT - contact us at psirt@softing.com" }, "title": "NULL pointer dereference vulnerability in OPC UA C++ SDK, Secure Integration Server, edgeConnector and edgeAggregator", "tracking": { "current_release_date": "2023-11-28T14:20:57.197Z", "id": "SYT-2022-7", "initial_release_date": "2022-07-29T10:00:00.000Z", "revision_history": [ { "date": "2022-07-29T10:00:00.000Z", "number": "1.0.0", "summary": "Initial version" }, { "date": "2022-12-02T11:00:00.000Z", "number": "2.0.0", "summary": "Release of Softing OPC UA C++ SDK V6.10" }, { "number": "3.0.0", "summary": "Fixes for Secure Integration Server, edgeConnector and edgeAggregator", "date": "2023-11-28T14:20:57.197Z" } ], "status": "final", "version": "3.0.0", "generator": { "date": "2023-11-28T14:26:34.989Z", "engine": { "version": ".2.2.15", "name": "Secvisogram" } } }, "source_lang": "en-US", "aggregate_severity": { "text": "high" }, "notes": [ { "category": "legal_disclaimer", "text": "The information provided in this disclosure is provided \"as is\" without warranty of any kind.\nSofting disclaims all warranties, either express or implied, including the warranties of\nmerchantability and fitness for a particular purpose. In no event shall Softing or its suppliers be\nliable for any damages whatsoever including direct, indirect, incidental, consequential, loss of\nbusiness profits or special damages, even if Softing or its suppliers have been advised of the\npossibility of such damages.\nSome states do not allow the exclusion or limitation of liability for consequential or incidental\ndamages so the foregoing limitation may not apply.\n", "title": "Disclaimer" } ] }, "product_tree": { "branches": [ { "category": "product_version_range", "name": "Softing OPC UA C++ SDK <= V6.00", "product": { "product_id": "CSAFPID-0001", "name": "Softing OPC UA C++ SDK <= V6.00" } }, { "category": "product_version_range", "name": "Softing Secure Integration Server <= V1.22", "product": { "product_id": "CSAFPID-0002", "name": "Softing Secure Integration Server <= V1.22" } }, { "category": "product_version_range", "name": "Softing edgeConnector <= V3.50", "product": { "product_id": "CSAFPID-0003", "name": "Softing edgeConnector Siemens <= V3.10" } }, { "category": "product_version_range", "name": "Softing edgeAggregator <= V3.50", "product": { "product_id": "CSAFPID-0004", "name": "Softing edgeAggregator <= V3.10" } }, { "category": "product_version", "name": "Softing OPC UA C++ SDK V6.10", "product": { "name": "Softing OPC UA C++ SDK V6.10", "product_id": "CSAFPID-0101" } }, { "name": "Softing Secure Integration Server V1.30", "category": "product_version", "product": { "name": "Softing Secure Integration Server V1.30", "product_id": "CSAFPID-0102" } }, { "name": "Softing edgeConnector V3.50", "product": { "name": "Softing edgeConnector V3.50", "product_id": "CSAFPID-0103" }, "category": "product_version" }, { "name": "Softing edgeAggregator V3.50", "category": "product_version", "product": { "name": "Softing edgeAggregator V3.50", "product_id": "CSAFPID-0104" } } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Vera Mens", "Uri Katz", "Sharon Brizinov" ], "organization": "Claroty Research working with Trend Micro Zero Day Initiative" } ], "scores": [ { "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004" ], "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH" } } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004" ], "fixed": [ "CSAFPID-0101", "CSAFPID-0102", "CSAFPID-0103", "CSAFPID-0104" ] }, "notes": [ { "category": "summary", "text": "The application crashes after several OPC UA methods have been called and the OPC UA session is closed before the methods have been finished." } ], "discovery_date": "2022-05-10T10:00:00.000Z", "remediations": [ { "category": "mitigation", "details": "Disable the posibility to establish unauthenticated sessions to the OPC UA server, because the atttack works on an established OPC UA session.", "product_ids": [ "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004" ] }, { "category": "workaround", "details": "Remove the optional methods „ResendData“ (ns=0;i=12873 and ns=0;i=12871) und „GetMonitoredItems“ (ns=0;i=11492 and ns=0;i=11489) from address space. Only these methods are affected.\n\nOr call the method Application::instance()->setEnableServiceGroup(EnumServiceGroup_Methods, false) during the server initialization to disable all OPC UA methods.\n", "product_ids": [ "CSAFPID-0001" ] } ], "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "ids": [ { "system_name": "Softing isssue id", "text": "2022-10" }, { "system_name": "Trend Micro Zero Day Initiative issue id", "text": "ZDI-CAN-16442" } ], "cve": "CVE-2022-1748" } ] }