Full Report
A vulnerability has been identified in the OPC Foundation Local Discovery Server (LDS) [0] that ships with several industrial products. The vulnerability could cause a denial of service condition on the service or the device. Siemens has released new versions for several affected products and recommends updating to the latest versions. Siemens recommends specific countermeasures for products where fixes are not, or not yet, available. [0] https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2021-40142.pdf
Analysis Summary
# Vulnerability: Denial of Service in OPC Foundation Local Discovery Server (LDS)
## CVE Details
- CVE ID: CVE-2021-40142
- CVSS Score: 7.5 (High)
- CWE: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
## Affected Systems
- Products:
  - OpenPCS 7
  - SIMATIC NET PC Software
  - SIMATIC Process Historian OPC UA Server
  - SIMATIC WinCC
  - SIMATIC WinCC Runtime Professional
  - (Note: Other products mentioned in the advisory likely include TeleControl Server Basic and SIMATIC WinCC Unified PC Runtime based on history notes, but specific details are truncated.)
- Versions:
  - OpenPCS 7 V9.1: All versions affected (No fix planned).
  - SIMATIC NET PC Software V14: All versions < V14 SP1 Update 14.
  - SIMATIC NET PC Software V15: All versions affected (No fix planned).
  - SIMATIC NET PC Software V16: All versions < V16 Update 6.
  - SIMATIC NET PC Software V17: All versions < V17 SP1.
  - SIMATIC Process Historian OPC UA Server: All versions < V2020 SP1.
  - SIMATIC WinCC: All versions < V8.0.
  - SIMATIC WinCC Runtime Professional: All versions < V18.
- Configurations: Affects the OPC Foundation Local Discovery Server (LDS) component.
## Vulnerability Description
The vulnerability exists in the OPC Foundation Local Discovery Server (LDS) versions before 1.04.402.463. Remote attackers can exploit this flaw by sending carefully crafted messages. These messages trigger a read or write past the end of a buffer (a buffer overflow condition, CWE-119), leading to a Denial of Service (DoS) condition on the affected service or device.
## Exploitation
- Status: PoC available (based on the E:P, Proof of Concept, value in the CVSS vector; the summary does not state whether a PoC is publicly available or whether the flaw is exploited in the wild). The advisory references the OPC Foundation Security Bulletin for CVE-2021-40142.
- Complexity: Low (AC:L in CVSS vector implies low attack complexity).
- Attack Vector: Network (AV:N in CVSS vector).
## Impact
- Confidentiality: No Impact (N)
- Integrity: No Impact (N)
- Availability: High Impact (H)
## Remediation
### Patches
- **SIMATIC NET PC Software V14:** Update to V14 SP1 Update 14 or later.
- **SIMATIC NET PC Software V16:** Update to V16 Update 6 or later.
- **SIMATIC NET PC Software V17:** Update to V17 SP1 or later.
- **SIMATIC Process Historian OPC UA Server:** Update to V2020 SP1 or later. (For PCS neo, update to V3.1 SP1; for PCS 7, update to V9.1 SP1).
- **SIMATIC WinCC:** Update to V8.0 or later.
- **SIMATIC WinCC Runtime Professional:** Update to V18 or later.
### Workarounds
For products where fixes are not yet available (e.g., OpenPCS 7 V9.1, SIMATIC NET PC Software V15), Siemens recommends countermeasures detailed in the advisory's Workarounds and Mitigations section (not transcribed here). Users must consult the full SSA-321292 document for these specific mitigation steps.
## Detection
- Indicators of Compromise: Unexpected termination, crashes, or unavailability of the LDS service (and of the OPC UA servers that register with it) on an affected host.
- Detection methods and tools: Monitor network traffic directed at the OPC UA LDS endpoint for unusual or malformed messages, in particular frames whose length fields are inconsistent with the bytes actually sent, since such messages are the typical way of probing buffer boundaries.
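The following is an added illustration of the framing check described above; it is not code from the advisory or from the OPC Foundation. It assumes the standard OPC UA TCP binary header (3-byte message type, 1-byte chunk type, little-endian UInt32 message size) and the Hello message layout from OPC UA Part 6, and all frames it inspects are constructed here for the example.

```python
import struct

# OPC UA TCP header: MessageType (3 ASCII bytes), ChunkType (1 byte), MessageSize (UInt32 LE)
OPCUA_HEADER = struct.Struct("<3sBI")
KNOWN_TYPES = {b"HEL", b"ACK", b"ERR", b"RHE", b"MSG", b"OPN", b"CLO"}
KNOWN_CHUNKS = {ord("F"), ord("C"), ord("A")}
MAX_ENDPOINT_URL = 4096  # OPC UA Part 6 limit for the Hello EndpointUrl field
HEL_URL_LEN_OFFSET = 8 + 5 * 4  # header + ProtocolVersion, Recv/SendBufferSize, MaxMessageSize, MaxChunkCount


def check_frame(payload: bytes) -> list:
    """Return the list of framing anomalies in one OPC UA TCP payload (empty list = consistent)."""
    findings = []
    if len(payload) < OPCUA_HEADER.size:
        return ["short frame: fewer than 8 header bytes"]
    msg_type, chunk, declared = OPCUA_HEADER.unpack_from(payload)
    if msg_type not in KNOWN_TYPES:
        findings.append(f"unknown message type {msg_type!r}")
    if chunk not in KNOWN_CHUNKS:
        findings.append(f"unknown chunk type {chunk:#x}")
    if declared < OPCUA_HEADER.size:
        findings.append(f"declared size {declared} smaller than header")
    elif declared != len(payload):
        findings.append(f"declared size {declared} != actual {len(payload)}")
    if msg_type == b"HEL" and len(payload) >= HEL_URL_LEN_OFFSET + 4:
        # EndpointUrl is an OPC UA String: Int32 length prefix (-1 = null) followed by UTF-8 bytes
        (url_len,) = struct.unpack_from("<i", payload, HEL_URL_LEN_OFFSET)
        if url_len > MAX_ENDPOINT_URL:
            findings.append(f"EndpointUrl length {url_len} exceeds {MAX_ENDPOINT_URL}")
        elif url_len > len(payload) - (HEL_URL_LEN_OFFSET + 4):
            findings.append(f"EndpointUrl length {url_len} runs past frame end")
    return findings


def build_hello(url: bytes, declared_size=None, url_len=None) -> bytes:
    """Construct a Hello frame for testing; the optional overrides produce inconsistent length fields."""
    body = struct.pack("<5I", 0, 65536, 65536, 0, 0)
    body += struct.pack("<i", len(url) if url_len is None else url_len) + url
    size = OPCUA_HEADER.size + len(body) if declared_size is None else declared_size
    return OPCUA_HEADER.pack(b"HEL", ord("F"), size) + body


if __name__ == "__main__":
    # Constructed frames: one well-formed Hello and one whose EndpointUrl length field lies.
    for frame in (build_hello(b"opc.tcp://lds.example:4840"),
                  build_hello(b"opc.tcp://lds.example:4840", url_len=100000)):
        print(check_frame(frame) or "consistent")
```

Run it against reassembled TCP payloads (for example from a capture on port 4840) and alert on any non-empty result; the check inspects framing only and does not decode the rest of the message.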
## References
- Vendor Advisories: SSA-321292
- Relevant links:
  - hxxps://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2021-40142.pdf
  - hxxps://cert-portal.siemens.com/productcert/html/ssa-321292.html