VYPR

Vendor CVEs

Softx

All CVEs

60 total · sorted by risk
  • CVE-2025-34107HigJul 15, 2025
    risk 0.65cvss epss 0.01

    A buffer overflow vulnerability exists in the WinaXe FTP Client version 7.7 within the FTP banner parsing functionality, WCMDPA10.dll. When the client connects to a remote FTP server and receives an overly long '220 Server Ready' response, the vulnerable component responsible…

  • CVE-2014-6617CriMar 9, 2018
    risk 0.64cvss 9.8epss 0.05

    Softing FG-100 PB PROFIBUS firmware version FG-x00-PB_V2.02.0.00 contains a hardcoded password for the root account, which allows remote attackers to obtain administrative access via a TELNET session.

  • CVE-2026-1842MedFeb 20, 2026
    risk 0.40cvss epss 0.00

    HyperCloud versions 2.3.5 through 2.6.8 improperly allowed refresh tokens to be used directly for resource access and failed to invalidate previously issued access tokens when a refresh token was used. Because refresh tokens have a significantly longer lifetime (default one…

  • CVE-2024-25075MedApr 2, 2024
    risk 0.33cvss 5.1epss 0.00

    An issue was discovered in Softing uaToolkit Embedded before 1.41.1. When a subscription with a very low MaxNotificationPerPublish parameter is created, a publish response is mishandled, leading to memory consumption. When that happens often enough, the device will be out of…

  • CVE-2024-13058MedDec 30, 2024
    risk 0.31cvss epss 0.00

    An issue exists in SoftIron HyperCloud where authenticated, but non-admin users can create data pools, which could potentially impact the performance and availability of the backend software-defined storage subsystem. This issue only impacts SoftIron HyperCloud and related…

  • CVE-2025-10650LowSep 18, 2025
    risk 0.12cvss epss 0.00

    SoftIron HyperCloud 2.5.0 through 2.6.3 may incorrectly add user SSH keys to the administrator-level authorized keys under certain conditions, allowing unauthorized privilege escalation to admin via SSH. Affects non-production debug and internal development builds created…

  • CVE-2022-2334Aug 17, 2022
    risk 0.08cvss epss 0.10

    The application searches for a library dll that is not found. If an attacker can place a dll with this name, then the attacker can leverage it to execute arbitrary code on the targeted Softing Secure Integration Server V1.22.

  • CVE-2022-1373Aug 17, 2022
    risk 0.08cvss epss 0.10

    The “restore configuration” feature of Softing Secure Integration Server V1.22 is vulnerable to a directory traversal vulnerability when processing zip files. An attacker can craft a zip file to load an arbitrary dll and execute code. Using the "restore configuration"…

  • CVE-2003-0371Jun 16, 2003
    risk 0.04cvss epss 0.06

    Buffer overflow in Prishtina FTP client 1.x allows remote FTP servers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP banner.

  • CVE-2003-1369Dec 31, 2003
    risk 0.03cvss epss 0.04

    Buffer overflow in ByteCatcher FTP client 1.04b allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP server banner.

  • CVE-2002-0608Jun 18, 2002
    risk 0.03cvss epss 0.04

    Buffer overflow in Matu FTP client 1.74 allows remote FTP servers to execute arbitrary code via a long "220" banner.

  • CVE-2023-38126Dec 19, 2023
    risk 0.01cvss epss 0.69

    Softing edgeAggregator Restore Configuration Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this…

  • CVE-2019-11527Oct 10, 2019
    risk 0.01cvss epss 0.03

    An issue was discovered in Softing uaGate SI 1.60.01. A CGI script is vulnerable to command injection with a maliciously crafted url parameter.

  • CVE-2023-7339Mar 27, 2026
    risk 0.00cvss epss 0.00

    Stack-based buffer overflow vulnerability in Softing Industrial Automation GmbH gateways allows overflow buffers. This issue affects pnGate: through 1.30 epGate: through 1.30 mbGate: through 1.30 smartLink HW-DP: through 1.30 smartLink HW-PN: through 1.01.

  • CVE-2024-14028Mar 27, 2026
    risk 0.00cvss epss 0.00

    Use after free vulnerability in Softing smartLink HW-DP or smartLink HW-PN webserver allows HTTP DoS. This issue affects: smartLink HW-DP: through 1.31 smartLink HW-PN: before 1.02.

  • CVE-2025-13406Mar 17, 2026
    risk 0.00cvss epss 0.00

    NULL Pointer Dereference vulnerability in Softing Industrial Automation GmbH smartLink SW-HT (Webserver modules) allows HTTP DoS.This issue affects smartLink SW-HT: 1.43.

  • CVE-2025-10461Mar 16, 2026
    risk 0.00cvss epss 0.00

    Global file reads caused by improper URL checks in webserver in Softing Industrial Automation GmbH smartLinks on docker (filesystem modules) allows file access. This issue affects smartLink SW-HT: through 1.42 smartLink SW-PN: through 1.03.

  • CVE-2025-10685Mar 16, 2026
    risk 0.00cvss epss 0.00

    Heap-based buffer overflow vulnerability in Softing Industrial Automation GmbH smartLink SW-PN and smartLink SW-HT (Webserver modules) allows overflow buffers.This issue affects: smartLink SW-PN: through 1.03 smartLink SW-HT: through 1.42

  • CVE-2023-39482May 3, 2024
    risk 0.00cvss epss 0.01

    Softing Secure Integration Server Hardcoded Cryptographic Key Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Softing Secure Integration Server. Although authentication is required to…

  • CVE-2023-39481May 3, 2024
    risk 0.00cvss epss 0.01

    Softing Secure Integration Server Interpretation Conflict Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this…

  • CVE-2023-39480May 3, 2024
    risk 0.00cvss epss 0.01

    Softing Secure Integration Server FileDirectory OPC UA Object Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Softing Secure Integration Server. Although authentication is required to…

  • CVE-2023-39479May 3, 2024
    risk 0.00cvss epss 0.01

    Softing Secure Integration Server OPC UA Gateway Directory Creation Vulnerability. This vulnerability allows remote attackers to create directories on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability,…

  • CVE-2023-39478May 3, 2024
    risk 0.00cvss epss 0.01

    Softing Secure Integration Server Exposure of Resource to Wrong Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing Secure Integration Server. Although authentication is required to…

  • CVE-2023-38125May 3, 2024
    risk 0.00cvss epss 0.01

    Softing edgeAggregator Permissive Cross-domain Policy with Untrusted Domains Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this…

  • CVE-2023-27336May 3, 2024
    risk 0.00cvss epss 0.01

    Softing edgeConnector Siemens OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing edgeConnector Siemens. Authentication is not required to…

  • CVE-2023-27335May 3, 2024
    risk 0.00cvss epss 0.01

    Softing edgeAggregator Client Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. User interaction is required to exploit this vulnerability in that…

  • CVE-2023-27334May 3, 2024
    risk 0.00cvss epss 0.01

    Softing edgeConnector Siemens ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing edgeConnector Siemens. Authentication is not required to…

  • CVE-2024-0860Mar 14, 2024
    risk 0.00cvss epss 0.01

    The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker to capture packets to craft their own requests.

  • CVE-2023-37571Jan 30, 2024
    risk 0.00cvss epss 0.00

    Softing TH SCOPE through 3.70 allows XSS.

  • CVE-2023-41151Dec 14, 2023
    risk 0.00cvss epss 0.01

    An uncaught exception issue discovered in Softing OPC UA C++ SDK before 6.30 for Windows operating system may cause the application to crash when the server wants to send an error packet, while socket is blocked on writing.

  • CVE-2023-45085Dec 5, 2023
    risk 0.00cvss epss 0.00

    An issue exists in SoftIron HyperCloud where compute nodes may come online immediately without following the correct initialization process.  In this instance, workloads may be scheduled on these nodes and deploy to a failed or erroneous state, which impacts the availability of…

  • CVE-2023-45084Dec 5, 2023
    risk 0.00cvss epss 0.00

    An issue exists in SoftIron HyperCloud where drive caddy removal and reinsertion without a reboot may erroneously cause the system to recognize the caddy as new media and wipe all data on the drives due to a missing synchronization flaw, which impacts data availability and…

  • CVE-2023-45083Dec 5, 2023
    risk 0.00cvss epss 0.00

    An Improper Privilege Management vulnerability exists in HyperCloud that will impact the ability for a user to authenticate against the management plane. An authenticated admin-level user may be able to delete the "admin" or "serveradmin" users, which prevents authentication…

  • CVE-2023-37572Dec 5, 2023
    risk 0.00cvss epss 0.01

    Softing OPC Suite version 5.25 and before has Incorrect Access Control, allows attackers to obtain sensitive information via weak permissions in OSF_discovery service. The service executable could be changed or the service could be deleted.

  • CVE-2022-48193Nov 6, 2023
    risk 0.00cvss epss 0.00

    Weak ciphers in Softing smartLink SW-HT before 1.30 are enabled during secure communication (SSL).

  • CVE-2022-48192Nov 6, 2023
    risk 0.00cvss epss 0.00

    Cross-site Scripting vulnerability in Softing smartLink SW-HT before 1.30, which allows an attacker to execute a dynamic script (JavaScript, VBScript) in the context of the application.

  • CVE-2022-45920Jan 25, 2023
    risk 0.00cvss epss 0.01

    In Softing uaToolkit Embedded before 1.41, a malformed CreateMonitoredItems request may cause a memory leak.

  • CVE-2022-44018Jan 25, 2023
    risk 0.00cvss epss 0.01

    In Softing uaToolkit Embedded before 1.40.1, a malformed PubSub discovery announcement message can cause a NULL pointer dereference or out-of-bounds memory access in the subscriber application.

  • CVE-2022-39823Oct 20, 2022
    risk 0.00cvss epss 0.01

    An issue was discovered in Softing OPC UA C++ SDK 5.66 through 6.x before 6.10. An OPC/UA browse request exceeding the server limit on continuation points may cause a use-after-free error

  • CVE-2022-37453Oct 20, 2022
    risk 0.00cvss epss 0.01

    An issue was discovered in Softing OPC UA C++ SDK before 6.10. A buffer overflow or an excess allocation happens due to unchecked array and matrix bounds in structure data types.

  • CVE-2022-2337Aug 17, 2022
    risk 0.00cvss epss 0.01

    A crafted HTTP packet with a missing HTTP URI can create a denial-of-service condition in Softing Secure Integration Server V1.22.

  • CVE-2022-1069Aug 17, 2022
    risk 0.00cvss epss 0.01

    A crafted HTTP packet with a large content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22.

  • CVE-2022-2338Aug 17, 2022
    risk 0.00cvss epss 0.00

    Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in-the-middle attack. The default the administration interface is accessible via plaintext HTTP protocol, facilitating the attack. The HTTP request may contain the session cookie in the…

  • CVE-2022-2335Aug 17, 2022
    risk 0.00cvss epss 0.01

    A crafted HTTP packet with a -1 content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22.

  • CVE-2022-1748Aug 17, 2022
    risk 0.00cvss epss 0.01

    Softing OPC UA C++ Server SDK, Secure Integration Server, edgeConnector, edgeAggregator, OPC Suite, and uaGate are affected by a NULL pointer dereference vulnerability.

  • CVE-2022-2336Aug 17, 2022
    risk 0.00cvss epss 0.01

    Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with the default administrator credentials as `admin` and password as `admin`. This allows Softing to log in to the server directly to perform administrative functions. Upon installation or upon…

  • CVE-2022-2547Aug 17, 2022
    risk 0.00cvss epss 0.01

    A crafted HTTP packet without a content-type header can create a denial-of-service condition in Softing Secure Integration Server V1.22.

  • CVE-2021-32994Apr 4, 2022
    risk 0.00cvss epss 0.02

    Softing OPC UA C++ SDK (Software Development Kit) versions from 5.59 to 5.64 exported library functions don't properly validate received extension objects, which may allow an attacker to crash the software by sending a variety of specially crafted packets to access several…

  • CVE-2021-42577Mar 11, 2022
    risk 0.00cvss epss 0.01

    An issue was discovered in Softing OPC UA C++ SDK before 5.70. A malformed OPC/UA message abort packet makes the client crash with a NULL pointer dereference.

  • CVE-2021-42262Mar 11, 2022
    risk 0.00cvss epss 0.01

    An issue was discovered in Softing OPC UA C++ SDK before 5.70. An invalid XML element in the type dictionary makes the OPC/UA client crash due to an out-of-memory condition.

Page 1 of 2