Vendor CVEs
Softx
All CVEs
60 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-40873 | 0.00 | — | 0.01 | Nov 10, 2021 | An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66, and uaToolkit Embedded before 1.40. Remote attackers to cause a denial of service (DoS) by sending crafted messages to a client or server. The server process may crash unexpectedly because of a… | |||
| CVE-2021-40872 | 0.00 | — | 0.01 | Nov 10, 2021 | An issue was discovered in Softing Industrial Automation uaToolkit Embedded before 1.40. Remote attackers to cause a denial of service (DoS) or login as an anonymous user (bypassing security checks) by sending crafted messages to a OPC/UA server. The server process may crash… | |||
| CVE-2021-40871 | 0.00 | — | 0.01 | Nov 10, 2021 | An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66. Remote attackers to cause a denial of service (DoS) by sending crafted messages to a OPC/UA client. The client process may crash unexpectedly because of a wrong type cast, and must be restarted. | |||
| CVE-2020-14524 | 0.00 | — | 0.03 | Aug 25, 2020 | Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute arbitrary code. | |||
| CVE-2020-14522 | 0.00 | — | 0.01 | Aug 25, 2020 | Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to uncontrolled resource consumption, which may allow an attacker to cause a denial-of-service condition. | |||
| CVE-2019-11528 | 0.00 | — | 0.01 | Oct 10, 2019 | An issue was discovered in Softing uaGate SI 1.60.01. A system default path for executables is user writable. | |||
| CVE-2019-15051 | 0.00 | — | 0.03 | Oct 10, 2019 | An issue was discovered in Softing uaGate (SI, MB, 840D) firmware through 1.71.00.1225. A CGI script is vulnerable to command injection via a maliciously crafted form parameter. | |||
| CVE-2019-11526 | 0.00 | — | 0.02 | Oct 10, 2019 | An issue was discovered in Softing uaGate SI 1.60.01. A maintenance script, that is executable via sudo, is vulnerable to file path injection. This enables the Attacker to write files with superuser privileges in specific locations. | |||
| CVE-2014-6616 | 0.00 | — | 0.02 | Aug 31, 2015 | Cross-site scripting (XSS) vulnerability in Softing FG-100 PROFIBUS Single Channel (FG-100-PB) with firmware FG-x00-PB_V2.02.0.00 allows remote attackers to inject arbitrary web script or HTML via the DEVICE_NAME parameter to cgi-bin/CFGhttp/. | |||
| CVE-2010-3096 | 0.00 | — | 0.01 | Aug 20, 2010 | Directory traversal vulnerability in SoftX FTP Client 3.3 and possibly earlier allows remote FTP servers to write arbitrary files via "..\" (dot dot backslash) sequences in a filename. |
- CVE-2021-40873Nov 10, 2021risk 0.00cvss —epss 0.01
An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66, and uaToolkit Embedded before 1.40. Remote attackers to cause a denial of service (DoS) by sending crafted messages to a client or server. The server process may crash unexpectedly because of a…
- CVE-2021-40872Nov 10, 2021risk 0.00cvss —epss 0.01
An issue was discovered in Softing Industrial Automation uaToolkit Embedded before 1.40. Remote attackers to cause a denial of service (DoS) or login as an anonymous user (bypassing security checks) by sending crafted messages to a OPC/UA server. The server process may crash…
- CVE-2021-40871Nov 10, 2021risk 0.00cvss —epss 0.01
An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66. Remote attackers to cause a denial of service (DoS) by sending crafted messages to a OPC/UA client. The client process may crash unexpectedly because of a wrong type cast, and must be restarted.
- CVE-2020-14524Aug 25, 2020risk 0.00cvss —epss 0.03
Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.
- CVE-2020-14522Aug 25, 2020risk 0.00cvss —epss 0.01
Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to uncontrolled resource consumption, which may allow an attacker to cause a denial-of-service condition.
- CVE-2019-11528Oct 10, 2019risk 0.00cvss —epss 0.01
An issue was discovered in Softing uaGate SI 1.60.01. A system default path for executables is user writable.
- CVE-2019-15051Oct 10, 2019risk 0.00cvss —epss 0.03
An issue was discovered in Softing uaGate (SI, MB, 840D) firmware through 1.71.00.1225. A CGI script is vulnerable to command injection via a maliciously crafted form parameter.
- CVE-2019-11526Oct 10, 2019risk 0.00cvss —epss 0.02
An issue was discovered in Softing uaGate SI 1.60.01. A maintenance script, that is executable via sudo, is vulnerable to file path injection. This enables the Attacker to write files with superuser privileges in specific locations.
- CVE-2014-6616Aug 31, 2015risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in Softing FG-100 PROFIBUS Single Channel (FG-100-PB) with firmware FG-x00-PB_V2.02.0.00 allows remote attackers to inject arbitrary web script or HTML via the DEVICE_NAME parameter to cgi-bin/CFGhttp/.
- CVE-2010-3096Aug 20, 2010risk 0.00cvss —epss 0.01
Directory traversal vulnerability in SoftX FTP Client 3.3 and possibly earlier allows remote FTP servers to write arbitrary files via "..\" (dot dot backslash) sequences in a filename.
Page 2 of 2