CVE-2024-25075 is a vulnerability identified in Softing uaToolkit Embedded prior to version 1.41.1. The flaw occurs when a subscription is created with a very low MaxNotificationPerPublish parameter, which controls the maximum number of notifications sent per publish response. Due to improper handling of the publish response under these conditions, the system consumes excessive memory. This memory consumption is not properly released, leading to gradual exhaustion of available memory resources. When this condition is triggered repeatedly, the device eventually runs out of memory, resulting in a denial of service (DoS) condition where the device may become unresponsive or crash. The vulnerability has a CVSS 3.1 base score of 5.1, indicating medium severity. The attack vector is local (AV:L), meaning the attacker must have local access to the device or system running the vulnerable software. No privileges are required (PR:N), and no user interaction is necessary (UI:N). The scope is unchanged (S:U), and the impact affects integrity and availability but not confidentiality. No known exploits have been reported in the wild, and no official patches or mitigation links have been published at the time of this analysis. The vulnerability primarily affects embedded and industrial devices using Softing uaToolkit Embedded, which is commonly employed in industrial automation and control systems for OPC UA communication.

The primary impact of this vulnerability is a denial of service (DoS) condition caused by memory exhaustion. For organizations relying on Softing uaToolkit Embedded in industrial control systems, embedded devices, or automation infrastructure, this could lead to device crashes or unresponsiveness, disrupting operational technology (OT) environments. Such disruptions could halt manufacturing processes, degrade system reliability, or cause safety systems to fail, depending on the deployment context. Since the attack requires local access, the risk is somewhat mitigated by physical or network access controls, but insider threats or attackers who gain local footholds could exploit this vulnerability. The lack of confidentiality impact reduces the risk of data breaches, but integrity and availability impacts could have significant operational consequences. The absence of known exploits suggests limited current threat activity, but the vulnerability should be addressed proactively to avoid future exploitation.

Organizations should upgrade Softing uaToolkit Embedded to version 1.41.1 or later once available, as this version addresses the vulnerability. Until patches are applied, implement strict access controls to limit local access to devices running the vulnerable software, including network segmentation and physical security measures. Monitor device memory usage and system logs for signs of abnormal memory consumption or repeated publish requests with low MaxNotificationPerPublish values. If possible, configure subscriptions to avoid very low MaxNotificationPerPublish parameters or validate input parameters to prevent triggering the vulnerability. Employ intrusion detection systems (IDS) or anomaly detection tools tailored for industrial protocols to identify suspicious activity. Regularly review and update incident response plans to include scenarios involving denial of service in embedded and industrial systems. Engage with Softing support or vendor channels for timely updates and advisories.