CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Softing edgeAggregator Permissive Cross-domain Policy with Untrusted Domains Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability. The...

8.8CVSS5.7AI score

Exploits0References1

NVD•added 2024/05/03 3:15 a.m.•9 views

CVE-2023-38125

8.8CVSS7.9AI score0.01063EPSS

Exploits0References1

ATTACKERKB•added 2024/05/03 3:15 a.m.•2 views

CVE-2023-38125

8.8CVSS6.8AI score0.01063EPSS

Exploits0References2Affected Software1

OSV•added 2024/05/03 2:15 a.m.•1 views

CVE-2023-27335

Softing edgeAggregator Client Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. User interaction is required to exploit this vulnerability in that the target must visi...

9.6CVSS5.6AI score

Exploits0References1

Vulnrichment•added 2024/05/03 1:59 a.m.•18 views

CVE-2023-38125 Softing edgeAggregator Permissive Cross-domain Policy with Untrusted Domains Remote Code Execution Vulnerability

7.5CVSS7.8AI score0.01063EPSS

Exploits0References1

CVE•added 2024/05/03 1:59 a.m.•51 views

CVE-2023-38125

CVE-2023-38125 affects Softing edgeAggregator. The root cause is a misconfigured web server that lacks appropriate Content Security Policy headers, enabling a permissive cross-domain policy with untrusted domains. This can allow remote attackers to trigger remote code execution in the context of ...

8.8CVSS8AI score0.01063EPSS

Exploits0References1Affected Software3

Cvelist•added 2024/05/03 1:59 a.m.•21 views

CVE-2023-38125 Softing edgeAggregator Permissive Cross-domain Policy with Untrusted Domains Remote Code Execution Vulnerability

7.5CVSS8.1AI score0.01063EPSS

Exploits0References1

CVE•added 2024/05/03 1:55 a.m.•58 views

CVE-2023-27335

Softing edgeAggregator Client is affected by a Cross-Site Scripting/Remote Code Execution vulnerability (CVE-2023-27335). The flaw lies in how the edgeAggregator client handles input parameters, with insufficient validation allowing injection of arbitrary scripts. This can enable remote code exec...

9.6CVSS8.6AI score0.01188EPSS

Exploits0References1Affected Software2

CNNVD•added 2024/05/03 12:0 a.m.•4 views

Softing edgeAggregator 安全漏洞

Softing edgeAggregator is a flexible and container-based solution from Softing for managing complex system architectures for OT/IT integration into edge and cloud applications. A security vulnerability exists in Softing edgeAggregator, which stems from a lack of proper content security policy...

8.8CVSS7.7AI score0.01063EPSS

Exploits0References2

CNNVD•added 2024/05/03 12:0 a.m.•2 views

Softing edgeAggregator 安全漏洞

Softing edgeAggregator is a flexible and container-based solution from Softing for managing complex system architectures for OT/IT integration into edge and cloud applications. A security vulnerability exists in Softing edgeAggregator that stems from input parameters provided to the EdgeAggregeto...

9.6CVSS8.9AI score0.01188EPSS

Exploits0References2

BDU FSTEC•added 2024/03/22 12:0 a.m.•1 views

The vulnerability of the data integration tool Softing edgeAggregator and the software modules for connecting controllers such as Softing edgeConnector Modbus, Softing edgeConnector 840D, Softing edgeConnector Fanuc CNC, and Softing edgeConnector Siemens lies in the transmission of accounting data in an unencrypted form. This allows unauthorized individuals to gain unauthorized access to protected information.

8.3CVSS7.2AI score0.00513EPSS

Exploits0References4Affected Software5

Vulnrichment•added 2024/03/14 8:54 p.m.•17 views

CVE-2024-0860 Cleartext Transmission of Sensitive Information in Softing edgeConnector and edgeAggregator

The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker to capture packets to craft their own requests...

8CVSS6.4AI score0.00513EPSS

Exploits0References1

CNNVD•added 2024/03/14 12:0 a.m.•4 views

Softing edgeConnector and Softing edgeAggregator Security Vulnerabilities

Softing edgeAggregator and Softing edgeConnector are both products of Softing. softing edgeAggregator is a flexible and container-based solution for managing complex system architectures for OT/IT integration into edge and cloud applications. softing edgeConnector is a Docker-based software...

8CVSS6.3AI score0.00513EPSS

Exploits0References3

OSV•added 2023/12/19 10:15 p.m.•4 views

CVE-2023-38126

Softing edgeAggregator Restore Configuration Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability. The specific fl...

7.2CVSS6.2AI score0.68611EPSS

Exploits0References1

NVD•added 2023/12/19 10:15 p.m.•8 views

CVE-2023-38126

7.2CVSS0.68611EPSS

Exploits0References1