Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2021-43083
Analyzed
More InfoOfficial Page
Source-security@apache.org
View Known Exploited Vulnerability (KEV) details
Published At-19 Dec, 2021 | 09:15
Updated At-04 Jan, 2022 | 18:00

Apache PLC4X - PLC4C (Only the C language implementation was effected) was vulnerable to an unsigned integer underflow flaw inside the tcp transport. Users should update to 0.9.1, which addresses this issue. However, in order to exploit this vulnerability, a user would have to actively connect to a mallicious device which could send a response with invalid content. Currently we consider the probability of this being exploited as quite minimal, however this could change in the future, especially with the industrial networks growing more and more together.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary2.06.5MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.5
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P
CPE Matches
The Apache Software Foundation
apache
>>plc4x>>Versions before 0.9.1(exclusive)
cpe:2.3:a:apache:plc4x:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-191Primarynvd@nist.gov
CWE-119Secondarysecurity@apache.org
CWE-191Secondarysecurity@apache.org
CWE ID: CWE-191
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-119
Type: Secondary
Source: security@apache.org
CWE ID: CWE-191
Type: Secondary
Source: security@apache.org
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.openwall.com/lists/oss-security/2021/12/20/2security@apache.org
Mailing List
Third Party Advisory
https://lists.apache.org/thread/jxx6qc84z60xbbhn6vp2s5qf09psrtc7security@apache.org
Vendor Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2021/12/20/2
Source: security@apache.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://lists.apache.org/thread/jxx6qc84z60xbbhn6vp2s5qf09psrtc7
Source: security@apache.org
Resource:
Vendor Advisory
Change History
0Changes found
Details not found