Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-43083

Apache PLC4X - PLC4C (Only the C language implementation was effected) was vulnerable to an unsigned integer underflow flaw inside the tcp transport. Users should update to 0.9.1, which addresses this issue. However, in order to exploit this vulnerability, a user would have to actively connect to a mallicious device which could send a response with invalid content. Currently we consider the probability of this being exploited as quite minimal, however this could change in the future, especially with the industrial networks growing more and more together.

Published

2021-12-19T09:15:06.633

Last Modified

2024-11-21T06:28:39.557

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.0

Impact Score

6.4

Weaknesses

Type: Secondary
CWE-119
CWE-191
Type: Primary
CWE-191

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	plc4x	< 0.9.1	Yes

References

http://www.openwall.com/lists/oss-security/2021/12/20/2 Mailing List, Third Party Advisory ([email protected])
https://lists.apache.org/thread/jxx6qc84z60xbbhn6vp2s5qf09psrtc7 Vendor Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2021/12/20/2 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread/jxx6qc84z60xbbhn6vp2s5qf09psrtc7 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)