BDU:2022-04114
High
BDU
Data Bank of Information Security Threats
BDU FSTEC is the authoritative Russian source of vulnerability information, covering both international CVEs relevant to domestic software and unique Russian-disclosed issues. Entries contain severity, affected product lists (in Russian), and mitigation recommendations.
Region
RU
Updates
1 h
License
Open data
Russian federal catalog of vulnerabilities and threats maintained by FSTEC. Required for compliance with Russian information security regulations (Order No. 17, Order No. 21).
https://bdu.fstec.ru
CVSS
7.5
High
EPSS
0.00
p0
Published
2022-01-01
Updated
2022-01-01
Description
The vulnerability in the Local Discovery Server (LDS) of Siemens software is caused by an operation exceeding the bounds of a memory buffer. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service by sending specially crafted messages.
Tags · CWE
Pre-auth
Affected products
Opc foundation Local discovery server (lds)
Siemens ag Siemens simatic net pc software
Siemens ag Siemens simatic net pc software
Siemens ag Siemens simatic net pc software
Siemens ag Siemens simatic net pc software
Siemens ag Simatic process historian
Siemens ag Simatic wincc
Siemens ag Simatic wincc runtime professional
Siemens ag Simatic wincc unified scada runtime
Siemens ag Telecontrol server basic
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Timeline
2022-01-01
Published
2022-01-01
Updated
CVSS 3.1 breakdown
| Metric | Code | Value |
|---|---|---|
| Attack Vector | AV: N | Network (N) |
| Attack Complexity | AC: L | Low (L) |
| Privileges Required | PR: N | None (N) |
| User Interaction | UI: N | None (N) |
| Scope | S: U | Unchanged (U) |
| Confidentiality Impact | C: N | None (N) |
| Integrity Impact | I: N | None (N) |
| Availability Impact | A: H | High (H) |
Exploit indicators
EPSS
0.000 · p0
Known exploited (KEV)
No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
| Product | Vendor | Status |
|---|---|---|
| local discovery server (lds) | opc foundation | Tracked |
| siemens simatic net pc software | siemens ag | Tracked |
| siemens simatic net pc software | siemens ag | Tracked |
| siemens simatic net pc software | siemens ag | Tracked |
| siemens simatic net pc software | siemens ag | Tracked |
| simatic process historian | siemens ag | Tracked |
| simatic wincc | siemens ag | Tracked |
| simatic wincc runtime professional | siemens ag | Tracked |
| simatic wincc unified scada runtime | siemens ag | Tracked |
| telecontrol server basic | siemens ag | Tracked |