Vulnerability Description
Apache PLC4X - PLC4C (Only the C language implementation was effected) was vulnerable to an unsigned integer underflow flaw inside the tcp transport. Users should update to 0.9.1, which addresses this issue. However, in order to exploit this vulnerability, a user would have to actively connect to a mallicious device which could send a response with invalid content. Currently we consider the probability of this being exploited as quite minimal, however this could change in the future, especially with the industrial networks growing more and more together.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Plc4X | < 0.9.1 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2021/12/20/2Mailing ListThird Party Advisory
- https://lists.apache.org/thread/jxx6qc84z60xbbhn6vp2s5qf09psrtc7Vendor Advisory
- http://www.openwall.com/lists/oss-security/2021/12/20/2Mailing ListThird Party Advisory
- https://lists.apache.org/thread/jxx6qc84z60xbbhn6vp2s5qf09psrtc7Vendor Advisory
FAQ
What is CVE-2021-43083?
CVE-2021-43083 is a vulnerability with a CVSS score of 8.8 (HIGH). Apache PLC4X - PLC4C (Only the C language implementation was effected) was vulnerable to an unsigned integer underflow flaw inside the tcp transport. Users should update to 0.9.1, which addresses this...
How severe is CVE-2021-43083?
CVE-2021-43083 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-43083?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Plc4X.