OPC UA C++ SDK
by Softx
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-41151 | 0.00 | — | 0.01 | Dec 14, 2023 | An uncaught exception issue discovered in Softing OPC UA C++ SDK before 6.30 for Windows operating system may cause the application to crash when the server wants to send an error packet, while socket is blocked on writing. | |||
| CVE-2022-37453 | 0.00 | — | 0.01 | Oct 20, 2022 | An issue was discovered in Softing OPC UA C++ SDK before 6.10. A buffer overflow or an excess allocation happens due to unchecked array and matrix bounds in structure data types. | |||
| CVE-2022-39823 | 0.00 | — | 0.01 | Oct 20, 2022 | An issue was discovered in Softing OPC UA C++ SDK 5.66 through 6.x before 6.10. An OPC/UA browse request exceeding the server limit on continuation points may cause a use-after-free error | |||
| CVE-2022-1748 | 0.00 | — | 0.01 | Aug 17, 2022 | Softing OPC UA C++ Server SDK, Secure Integration Server, edgeConnector, edgeAggregator, OPC Suite, and uaGate are affected by a NULL pointer dereference vulnerability. | |||
| CVE-2021-32994 | 0.00 | — | 0.02 | Apr 4, 2022 | Softing OPC UA C++ SDK (Software Development Kit) versions from 5.59 to 5.64 exported library functions don't properly validate received extension objects, which may allow an attacker to crash the software by sending a variety of specially crafted packets to access several… | |||
| CVE-2021-42577 | 0.00 | — | 0.01 | Mar 11, 2022 | An issue was discovered in Softing OPC UA C++ SDK before 5.70. A malformed OPC/UA message abort packet makes the client crash with a NULL pointer dereference. | |||
| CVE-2021-42262 | 0.00 | — | 0.01 | Mar 11, 2022 | An issue was discovered in Softing OPC UA C++ SDK before 5.70. An invalid XML element in the type dictionary makes the OPC/UA client crash due to an out-of-memory condition. | |||
| CVE-2021-40873 | 0.00 | — | 0.01 | Nov 10, 2021 | An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66, and uaToolkit Embedded before 1.40. Remote attackers to cause a denial of service (DoS) by sending crafted messages to a client or server. The server process may crash unexpectedly because of a… | |||
| CVE-2021-40871 | 0.00 | — | 0.01 | Nov 10, 2021 | An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66. Remote attackers to cause a denial of service (DoS) by sending crafted messages to a OPC/UA client. The client process may crash unexpectedly because of a wrong type cast, and must be restarted. |
- CVE-2023-41151Dec 14, 2023risk 0.00cvss —epss 0.01
An uncaught exception issue discovered in Softing OPC UA C++ SDK before 6.30 for Windows operating system may cause the application to crash when the server wants to send an error packet, while socket is blocked on writing.
- CVE-2022-37453Oct 20, 2022risk 0.00cvss —epss 0.01
An issue was discovered in Softing OPC UA C++ SDK before 6.10. A buffer overflow or an excess allocation happens due to unchecked array and matrix bounds in structure data types.
- CVE-2022-39823Oct 20, 2022risk 0.00cvss —epss 0.01
An issue was discovered in Softing OPC UA C++ SDK 5.66 through 6.x before 6.10. An OPC/UA browse request exceeding the server limit on continuation points may cause a use-after-free error
- CVE-2022-1748Aug 17, 2022risk 0.00cvss —epss 0.01
Softing OPC UA C++ Server SDK, Secure Integration Server, edgeConnector, edgeAggregator, OPC Suite, and uaGate are affected by a NULL pointer dereference vulnerability.
- CVE-2021-32994Apr 4, 2022risk 0.00cvss —epss 0.02
Softing OPC UA C++ SDK (Software Development Kit) versions from 5.59 to 5.64 exported library functions don't properly validate received extension objects, which may allow an attacker to crash the software by sending a variety of specially crafted packets to access several…
- CVE-2021-42577Mar 11, 2022risk 0.00cvss —epss 0.01
An issue was discovered in Softing OPC UA C++ SDK before 5.70. A malformed OPC/UA message abort packet makes the client crash with a NULL pointer dereference.
- CVE-2021-42262Mar 11, 2022risk 0.00cvss —epss 0.01
An issue was discovered in Softing OPC UA C++ SDK before 5.70. An invalid XML element in the type dictionary makes the OPC/UA client crash due to an out-of-memory condition.
- CVE-2021-40873Nov 10, 2021risk 0.00cvss —epss 0.01
An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66, and uaToolkit Embedded before 1.40. Remote attackers to cause a denial of service (DoS) by sending crafted messages to a client or server. The server process may crash unexpectedly because of a…
- CVE-2021-40871Nov 10, 2021risk 0.00cvss —epss 0.01
An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66. Remote attackers to cause a denial of service (DoS) by sending crafted messages to a OPC/UA client. The client process may crash unexpectedly because of a wrong type cast, and must be restarted.