Vendor CVEs
Softx
All CVEs
60 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-34107 | | High | 0.65 | — | 0.01 | | Jul 15, 2025 | A buffer overflow vulnerability exists in the WinaXe FTP Client version 7.7 within the FTP banner parsing functionality, WCMDPA10.dll. When the client connects to a remote FTP server and receives an overly long '220 Server Ready' response, the vulnerable component responsible… |
| CVE-2014-6617 | | Critical | 0.64 | 9.8 | 0.05 | | Mar 9, 2018 | Softing FG-100 PB PROFIBUS firmware version FG-x00-PB_V2.02.0.00 contains a hardcoded password for the root account, which allows remote attackers to obtain administrative access via a TELNET session. |
| CVE-2026-1842 | | Medium | 0.40 | — | 0.00 | | Feb 20, 2026 | HyperCloud versions 2.3.5 through 2.6.8 improperly allowed refresh tokens to be used directly for resource access and failed to invalidate previously issued access tokens when a refresh token was used. Because refresh tokens have a significantly longer lifetime (default one… |
| CVE-2024-25075 | | Medium | 0.33 | 5.1 | 0.00 | | Apr 2, 2024 | An issue was discovered in Softing uaToolkit Embedded before 1.41.1. When a subscription with a very low MaxNotificationPerPublish parameter is created, a publish response is mishandled, leading to memory consumption. When that happens often enough, the device will be out of… |
| CVE-2024-13058 | | Medium | 0.31 | — | 0.00 | | Dec 30, 2024 | An issue exists in SoftIron HyperCloud where authenticated, but non-admin users can create data pools, which could potentially impact the performance and availability of the backend software-defined storage subsystem. This issue only impacts SoftIron HyperCloud and related… |
| CVE-2025-10650 | | Low | 0.12 | — | 0.00 | | Sep 18, 2025 | SoftIron HyperCloud 2.5.0 through 2.6.3 may incorrectly add user SSH keys to the administrator-level authorized keys under certain conditions, allowing unauthorized privilege escalation to admin via SSH. Affects non-production debug and internal development builds created… |
| CVE-2022-2334 | | | 0.08 | — | 0.10 | | Aug 17, 2022 | The application searches for a library dll that is not found. If an attacker can place a dll with this name, then the attacker can leverage it to execute arbitrary code on the targeted Softing Secure Integration Server V1.22. |
| CVE-2022-1373 | | | 0.08 | — | 0.10 | | Aug 17, 2022 | The “restore configuration” feature of Softing Secure Integration Server V1.22 is vulnerable to a directory traversal vulnerability when processing zip files. An attacker can craft a zip file to load an arbitrary dll and execute code. Using the "restore configuration"… |
| CVE-2003-0371 | | | 0.04 | — | 0.06 | | Jun 16, 2003 | Buffer overflow in Prishtina FTP client 1.x allows remote FTP servers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP banner. |
| CVE-2003-1369 | | | 0.03 | — | 0.04 | | Dec 31, 2003 | Buffer overflow in ByteCatcher FTP client 1.04b allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP server banner. |
| CVE-2002-0608 | | | 0.03 | — | 0.04 | | Jun 18, 2002 | Buffer overflow in Matu FTP client 1.74 allows remote FTP servers to execute arbitrary code via a long "220" banner. |
| CVE-2023-38126 | | | 0.01 | — | 0.69 | | Dec 19, 2023 | Softing edgeAggregator Restore Configuration Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this… |
| CVE-2019-11527 | | | 0.01 | — | 0.03 | | Oct 10, 2019 | An issue was discovered in Softing uaGate SI 1.60.01. A CGI script is vulnerable to command injection with a maliciously crafted url parameter. |
| CVE-2023-7339 | | | 0.00 | — | 0.00 | | Mar 27, 2026 | Stack-based buffer overflow vulnerability in Softing Industrial Automation GmbH gateways allows overflow buffers. This issue affects pnGate: through 1.30 epGate: through 1.30 mbGate: through 1.30 smartLink HW-DP: through 1.30 smartLink HW-PN: through 1.01. |
| CVE-2024-14028 | | | 0.00 | — | 0.00 | | Mar 27, 2026 | Use after free vulnerability in Softing smartLink HW-DP or smartLink HW-PN webserver allows HTTP DoS. This issue affects: smartLink HW-DP: through 1.31 smartLink HW-PN: before 1.02. |
| CVE-2025-13406 | | | 0.00 | — | 0.00 | | Mar 17, 2026 | NULL Pointer Dereference vulnerability in Softing Industrial Automation GmbH smartLink SW-HT (Webserver modules) allows HTTP DoS. This issue affects smartLink SW-HT: 1.43. |
| CVE-2025-10461 | | | 0.00 | — | 0.00 | | Mar 16, 2026 | Global file reads caused by improper URL checks in webserver in Softing Industrial Automation GmbH smartLinks on docker (filesystem modules) allows file access. This issue affects smartLink SW-HT: through 1.42 smartLink SW-PN: through 1.03. |
| CVE-2025-10685 | | | 0.00 | — | 0.00 | | Mar 16, 2026 | Heap-based buffer overflow vulnerability in Softing Industrial Automation GmbH smartLink SW-PN and smartLink SW-HT (Webserver modules) allows overflow buffers. This issue affects: smartLink SW-PN: through 1.03 smartLink SW-HT: through 1.42 |
| CVE-2023-39482 | | | 0.00 | — | 0.01 | | May 3, 2024 | Softing Secure Integration Server Hardcoded Cryptographic Key Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Softing Secure Integration Server. Although authentication is required to… |
| CVE-2023-39481 | | | 0.00 | — | 0.01 | | May 3, 2024 | Softing Secure Integration Server Interpretation Conflict Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this… |
| CVE-2023-39480 | | | 0.00 | — | 0.01 | | May 3, 2024 | Softing Secure Integration Server FileDirectory OPC UA Object Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Softing Secure Integration Server. Although authentication is required to… |
| CVE-2023-39479 | | | 0.00 | — | 0.01 | | May 3, 2024 | Softing Secure Integration Server OPC UA Gateway Directory Creation Vulnerability. This vulnerability allows remote attackers to create directories on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability,… |
| CVE-2023-39478 | | | 0.00 | — | 0.01 | | May 3, 2024 | Softing Secure Integration Server Exposure of Resource to Wrong Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing Secure Integration Server. Although authentication is required to… |
| CVE-2023-38125 | | | 0.00 | — | 0.01 | | May 3, 2024 | Softing edgeAggregator Permissive Cross-domain Policy with Untrusted Domains Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this… |
| CVE-2023-27336 | | | 0.00 | — | 0.01 | | May 3, 2024 | Softing edgeConnector Siemens OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing edgeConnector Siemens. Authentication is not required to… |
| CVE-2023-27335 | | | 0.00 | — | 0.01 | | May 3, 2024 | Softing edgeAggregator Client Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. User interaction is required to exploit this vulnerability in that… |
| CVE-2023-27334 | | | 0.00 | — | 0.01 | | May 3, 2024 | Softing edgeConnector Siemens ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing edgeConnector Siemens. Authentication is not required to… |
| CVE-2024-0860 | | | 0.00 | — | 0.01 | | Mar 14, 2024 | The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker to capture packets to craft their own requests. |
| CVE-2023-37571 | | | 0.00 | — | 0.00 | | Jan 30, 2024 | Softing TH SCOPE through 3.70 allows XSS. |
| CVE-2023-41151 | | | 0.00 | — | 0.01 | | Dec 14, 2023 | An uncaught exception issue discovered in Softing OPC UA C++ SDK before 6.30 for Windows operating system may cause the application to crash when the server wants to send an error packet, while socket is blocked on writing. |
| CVE-2023-45085 | | | 0.00 | — | 0.00 | | Dec 5, 2023 | An issue exists in SoftIron HyperCloud where compute nodes may come online immediately without following the correct initialization process. In this instance, workloads may be scheduled on these nodes and deploy to a failed or erroneous state, which impacts the availability of… |
| CVE-2023-45084 | | | 0.00 | — | 0.00 | | Dec 5, 2023 | An issue exists in SoftIron HyperCloud where drive caddy removal and reinsertion without a reboot may erroneously cause the system to recognize the caddy as new media and wipe all data on the drives due to a missing synchronization flaw, which impacts data availability and… |
| CVE-2023-45083 | | | 0.00 | — | 0.00 | | Dec 5, 2023 | An Improper Privilege Management vulnerability exists in HyperCloud that will impact the ability for a user to authenticate against the management plane. An authenticated admin-level user may be able to delete the "admin" or "serveradmin" users, which prevents authentication… |
| CVE-2023-37572 | | | 0.00 | — | 0.01 | | Dec 5, 2023 | Softing OPC Suite version 5.25 and before has Incorrect Access Control, allows attackers to obtain sensitive information via weak permissions in OSF_discovery service. The service executable could be changed or the service could be deleted. |
| CVE-2022-48193 | | | 0.00 | — | 0.00 | | Nov 6, 2023 | Weak ciphers in Softing smartLink SW-HT before 1.30 are enabled during secure communication (SSL). |
| CVE-2022-48192 | | | 0.00 | — | 0.00 | | Nov 6, 2023 | Cross-site Scripting vulnerability in Softing smartLink SW-HT before 1.30, which allows an attacker to execute a dynamic script (JavaScript, VBScript) in the context of the application. |
| CVE-2022-45920 | | | 0.00 | — | 0.01 | | Jan 25, 2023 | In Softing uaToolkit Embedded before 1.41, a malformed CreateMonitoredItems request may cause a memory leak. |
| CVE-2022-44018 | | | 0.00 | — | 0.01 | | Jan 25, 2023 | In Softing uaToolkit Embedded before 1.40.1, a malformed PubSub discovery announcement message can cause a NULL pointer dereference or out-of-bounds memory access in the subscriber application. |
| CVE-2022-39823 | | | 0.00 | — | 0.01 | | Oct 20, 2022 | An issue was discovered in Softing OPC UA C++ SDK 5.66 through 6.x before 6.10. An OPC/UA browse request exceeding the server limit on continuation points may cause a use-after-free error |
| CVE-2022-37453 | | | 0.00 | — | 0.01 | | Oct 20, 2022 | An issue was discovered in Softing OPC UA C++ SDK before 6.10. A buffer overflow or an excess allocation happens due to unchecked array and matrix bounds in structure data types. |
| CVE-2022-2337 | | | 0.00 | — | 0.01 | | Aug 17, 2022 | A crafted HTTP packet with a missing HTTP URI can create a denial-of-service condition in Softing Secure Integration Server V1.22. |
| CVE-2022-1069 | | | 0.00 | — | 0.01 | | Aug 17, 2022 | A crafted HTTP packet with a large content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22. |
| CVE-2022-2338 | | | 0.00 | — | 0.00 | | Aug 17, 2022 | Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in-the-middle attack. The default the administration interface is accessible via plaintext HTTP protocol, facilitating the attack. The HTTP request may contain the session cookie in the… |
| CVE-2022-2335 | | | 0.00 | — | 0.01 | | Aug 17, 2022 | A crafted HTTP packet with a -1 content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22. |
| CVE-2022-1748 | | | 0.00 | — | 0.01 | | Aug 17, 2022 | Softing OPC UA C++ Server SDK, Secure Integration Server, edgeConnector, edgeAggregator, OPC Suite, and uaGate are affected by a NULL pointer dereference vulnerability. |
| CVE-2022-2336 | | | 0.00 | — | 0.01 | | Aug 17, 2022 | Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with the default administrator credentials as `admin` and password as `admin`. This allows Softing to log in to the server directly to perform administrative functions. Upon installation or upon… |
| CVE-2022-2547 | | | 0.00 | — | 0.01 | | Aug 17, 2022 | A crafted HTTP packet without a content-type header can create a denial-of-service condition in Softing Secure Integration Server V1.22. |
| CVE-2021-32994 | | | 0.00 | — | 0.02 | | Apr 4, 2022 | Softing OPC UA C++ SDK (Software Development Kit) versions from 5.59 to 5.64 exported library functions don't properly validate received extension objects, which may allow an attacker to crash the software by sending a variety of specially crafted packets to access several… |
| CVE-2021-42577 | | | 0.00 | — | 0.01 | | Mar 11, 2022 | An issue was discovered in Softing OPC UA C++ SDK before 5.70. A malformed OPC/UA message abort packet makes the client crash with a NULL pointer dereference. |
| CVE-2021-42262 | | | 0.00 | — | 0.01 | | Mar 11, 2022 | An issue was discovered in Softing OPC UA C++ SDK before 5.70. An invalid XML element in the type dictionary makes the OPC/UA client crash due to an out-of-memory condition. |
Page 1 of 2