VYPR

OPC Toolbox

by Softing AG

CVEs (2)

  • CVE-2021-29660HigApr 2, 2021
    risk 0.57cvss 8.8epss 0.01

    A Cross-Site Request Forgery (CSRF) vulnerability in en/cfg_setpwd.html in Softing AG OPC Toolbox through 4.10.1.13035 allows attackers to reset the administrative password by inducing the Administrator user to browse a URL controlled by an attacker.

  • CVE-2021-29661MedApr 2, 2021
    risk 0.35cvss 5.4epss 0.01

    Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diag_values.html Stored XSS via the ITEMLISTVALUES##ITEMID parameter, resulting in JavaScript payload injection into the trace file. This payload will then be triggered every time an authenticated user browses the page…