Filtered by vendor Softing
Subscriptions
Total
42 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-44018 | 1 Softing | 1 Uatoolkit Embedded | 2025-04-01 | 7.5 High |
| In Softing uaToolkit Embedded before 1.40.1, a malformed PubSub discovery announcement message can cause a NULL pointer dereference or out-of-bounds memory access in the subscriber application. | ||||
| CVE-2022-45920 | 1 Softing | 1 Uatoolkit Embedded | 2025-04-01 | 7.5 High |
| In Softing uaToolkit Embedded before 1.41, a malformed CreateMonitoredItems request may cause a memory leak. | ||||
| CVE-2024-0860 | 1 Softing | 2 Edgeaggregator, Edgeconnector | 2025-01-23 | 8 High |
| The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker to capture packets to craft their own requests. | ||||
| CVE-2023-38126 | 1 Softing | 1 Edgeaggregator | 2024-11-21 | 7.2 High |
| Softing edgeAggregator Restore Configuration Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of backup zip files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this to execute code in the context of root. Was ZDI-CAN-20543. | ||||
| CVE-2023-38125 | 1 Softing | 1 Edgeaggregator | 2024-11-21 | N/A |
| Softing edgeAggregator Permissive Cross-domain Policy with Untrusted Domains Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of the web server. The issue results from the lack of appropriate Content Security Policy headers. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-20542. | ||||
| CVE-2023-37572 | 1 Softing | 1 Opc | 2024-11-21 | 7.5 High |
| Softing OPC Suite version 5.25 and before has Incorrect Access Control, allows attackers to obtain sensitive information via weak permissions in OSF_discovery service. The service executable could be changed or the service could be deleted. | ||||
| CVE-2023-27335 | 1 Softing | 1 Edgeaggregator | 2024-11-21 | N/A |
| Softing edgeAggregator Client Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the input parameters provided to the edgeAggregetor client. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20504. | ||||
| CVE-2022-48193 | 1 Softing | 1 Smartlink Sw-ht | 2024-11-21 | 5.9 Medium |
| Weak ciphers in Softing smartLink SW-HT before 1.30 are enabled during secure communication (SSL). | ||||
| CVE-2022-48192 | 1 Softing | 1 Smartlink Sw-ht | 2024-11-21 | 7.2 High |
| Cross-site Scripting vulnerability in Softing smartLink SW-HT before 1.30, which allows an attacker to execute a dynamic script (JavaScript, VBScript) in the context of the application. | ||||
| CVE-2021-42577 | 1 Softing | 3 Datafeed Opc Suite, Opc Ua C\+\+ Software Development Kit, Secure Integration Server | 2024-11-21 | 7.5 High |
| An issue was discovered in Softing OPC UA C++ SDK before 5.70. A malformed OPC/UA message abort packet makes the client crash with a NULL pointer dereference. | ||||
| CVE-2021-42262 | 1 Softing | 3 Datafeed Opc Suite, Opc Ua C\+\+ Software Development Kit, Secure Integration Server | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Softing OPC UA C++ SDK before 5.70. An invalid XML element in the type dictionary makes the OPC/UA client crash due to an out-of-memory condition. | ||||
| CVE-2021-40873 | 1 Softing | 7 Datafeed Opc Suite, Edgeconnector, Opc and 4 more | 2024-11-21 | 7.5 High |
| An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66, and uaToolkit Embedded before 1.40. Remote attackers to cause a denial of service (DoS) by sending crafted messages to a client or server. The server process may crash unexpectedly because of a double free, and must be restarted. | ||||
| CVE-2021-40872 | 1 Softing | 2 Smartlink Hw-dp, Uatoolkit Embedded | 2024-11-21 | 7.5 High |
| An issue was discovered in Softing Industrial Automation uaToolkit Embedded before 1.40. Remote attackers to cause a denial of service (DoS) or login as an anonymous user (bypassing security checks) by sending crafted messages to a OPC/UA server. The server process may crash unexpectedly because of an invalid type cast, and must be restarted. | ||||
| CVE-2021-40871 | 1 Softing | 4 Datafeed Opc Suite, Opc, Secure Integration Server and 1 more | 2024-11-21 | 7.5 High |
| An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66. Remote attackers to cause a denial of service (DoS) by sending crafted messages to a OPC/UA client. The client process may crash unexpectedly because of a wrong type cast, and must be restarted. | ||||
| CVE-2021-29661 | 1 Softing | 1 Opc Toolbox | 2024-11-21 | 5.4 Medium |
| Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diag_values.html Stored XSS via the ITEMLISTVALUES##ITEMID parameter, resulting in JavaScript payload injection into the trace file. This payload will then be triggered every time an authenticated user browses the page containing it. | ||||
| CVE-2021-29660 | 1 Softing | 1 Opc Toolbox | 2024-11-21 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) vulnerability in en/cfg_setpwd.html in Softing AG OPC Toolbox through 4.10.1.13035 allows attackers to reset the administrative password by inducing the Administrator user to browse a URL controlled by an attacker. | ||||
| CVE-2020-14524 | 1 Softing | 1 Opc | 2024-11-21 | 9.8 Critical |
| Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute arbitrary code. | ||||
| CVE-2020-14522 | 1 Softing | 1 Opc | 2024-11-21 | 7.5 High |
| Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to uncontrolled resource consumption, which may allow an attacker to cause a denial-of-service condition. | ||||
| CVE-2019-15051 | 1 Softing | 6 Uagate 840d, Uagate 840d Firmware, Uagate Mb and 3 more | 2024-11-21 | 8.8 High |
| An issue was discovered in Softing uaGate (SI, MB, 840D) firmware through 1.71.00.1225. A CGI script is vulnerable to command injection via a maliciously crafted form parameter. | ||||
| CVE-2019-11528 | 1 Softing | 2 Uagate Si, Uagate Si Firmware | 2024-11-21 | 7.5 High |
| An issue was discovered in Softing uaGate SI 1.60.01. A system default path for executables is user writable. | ||||