Lucene search
K

113 matches found

CVE
CVE
added 2024/05/03 2:10 a.m.54 views

CVE-2023-39479

Softing Secure Integration Server OPC UA Gateway Directory Creation Vulnerability (CVE-2023-39479) affects the OPC UA Gateway handling of FileDirectory OPC UA Objects. The flaw allows remote attackers, bypassing authentication, to create directories by accessing the filesystem, potentially enabli...

8.8CVSS6.7AI score0.01252EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/05/03 2:10 a.m.34 views

CVE-2023-39478 Softing Secure Integration Server Exposure of Resource to Wrong Sphere Remote Code Execution Vulnerability

Softing Secure Integration Server Exposure of Resource to Wrong Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this...

6.6CVSS7.1AI score0.01252EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/05/03 12:0 a.m.8 views

Softing Secure Integration Server 安全漏洞

Softing Secure Integration Server is a secure integration server from Softing Germany. It provides a powerful OPC UA data integration layer and supports interface abstraction, aggregation, data preprocessing, and security supervision. A security vulnerability exists in Softing Secure Integration...

8.8CVSS7AI score0.01252EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/05/03 12:0 a.m.5 views

Softing Secure Integration Server 安全漏洞

Softing Secure Integration Server is a secure integration server from Softing Germany. It provides a powerful OPC UA data integration layer and supports interface abstraction, aggregation, data preprocessing and security supervision. A security vulnerability exists in Softing Secure Integration...

8.8CVSS7AI score0.01252EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/10/17 12:0 a.m.8 views

The vulnerability lies in the implementation of OPC UA software methods for connection integration with the Softing OPC UA C++ SDK, as well as the Secure Integration Server data integration tool. This allows attackers to execute arbitrary code.

The vulnerability of the implementation of OPC UA software for connectivity integration with Softing OPC UA C++ SDK lies in the incorrect path name limitation for accessing the restricted directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

7.7CVSS7AI score
Exploits0References4Affected Software2
Zero Day Initiative
Zero Day Initiative
added 2023/08/09 12:0 a.m.27 views

(0Day) Softing Secure Integration Server Hardcoded Cryptographic Key Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within...

4.9CVSS6.3AI score0.0111EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2023/08/09 12:0 a.m.20 views

(0Day) (Pwn2Own) Softing Secure Integration Server Interpretation Conflict Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the web...

6.6CVSS7.3AI score0.01252EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2023/08/09 12:0 a.m.8 views

PT-2023-26965 · Softing · Softing Secure Integration Server

Name of the Vulnerable Software and Affected Versions: Softing Secure Integration Server affected versions not specified Description: This issue allows remote attackers to create directories on affected installations, despite requiring authentication to exploit. The flaw exists within the handlin...

8.8CVSS7AI score0.01252EPSS
Exploits0References4
Zero Day Initiative
Zero Day Initiative
added 2023/08/09 12:0 a.m.21 views

(0Day) (Pwn2Own) Softing Secure Integration Server FileDirectory OPC UA Object Arbitrary File Creation Vulnerability

This vulnerability allows remote attackers to create arbitrary files on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handli...

4.4CVSS7.3AI score0.00959EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2023/08/09 12:0 a.m.30 views

(0Day) (Pwn2Own) Softing Secure Integration Server Exposure of Resource to Wrong Sphere Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handli...

6.6CVSS7.1AI score0.01252EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2023/08/09 12:0 a.m.5 views

PT-2023-26964 · Softing · Softing Secure Integration Server

Name of the Vulnerable Software and Affected Versions: Softing Secure Integration Server affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations. Although authentication is required to exploit this, the existing...

8.8CVSS6.9AI score0.01252EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/08/09 12:0 a.m.5 views

PT-2023-26966 · Softing · Softing Secure Integration Server

Name of the Vulnerable Software and Affected Versions: Softing Secure Integration Server affected versions not specified Description: This issue allows remote attackers to create arbitrary files on affected installations, despite requiring authentication, which can be bypassed. The flaw exists...

6.5CVSS5.3AI score0.00959EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/08/09 12:0 a.m.9 views

PT-2023-26968 · Softing · Softing Secure Integration Server

Name of the Vulnerable Software and Affected Versions: Softing Secure Integration Server affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations. Although authentication is required to exploit this issue, the...

6.5CVSS5.3AI score0.0111EPSS
Exploits0References4
Metasploit
Metasploit
added 2023/03/01 7:50 p.m.136 views

Softing Secure Integration Server Login Utility

This module will attempt to authenticate to a Softing Secure Integration Server. Module Options msf use auxiliary/scanner/http/softingsislogin msf auxiliarysoftingsislogin show actions ...actions... msf auxiliarysoftingsislogin set ACTION msf auxiliarysoftingsislogin show options ...show and set...

5.9AI score
Exploits0
Positive Technologies
Positive Technologies
added 2022/10/14 12:0 a.m.7 views

PT-2022-7027 · Softing · Softing Opc Ua C++ Sdk +1

Name of the Vulnerable Software and Affected Versions: Softing OPC UA C++ SDK versions affected versions not specified Softing Secure Integration Server versions affected versions not specified Description: The issue is related to the incorrect restriction of a directory path name with limited...

7.3CVSS7.3AI score
Exploits0References4
Zero Day Initiative
Zero Day Initiative
added 2022/08/23 12:0 a.m.30 views

Softing Secure Integration Server Content-Type NULL Pointer Dereference Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing Secure Integration Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the Content-Type HTTP header. The issu...

7.5CVSS1AI score0.01297EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2022/08/23 12:0 a.m.22 views

Softing Secure Integration Server Content-Length Out-Of-Bounds Read Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing Secure Integration Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the Content-Length HTTP header. The...

7.5CVSS0.4AI score0.01324EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2022/08/23 12:0 a.m.36 views

(Pwn2Own) Softing Secure Integration Server wbemcomn Uncontrolled Search Path Element Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of Softing Secure Integration Server. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...

7.2CVSS3.9AI score0.09501EPSS
Exploits3References1
Zero Day Initiative
Zero Day Initiative
added 2022/08/23 12:0 a.m.24 views

(Pwn2Own) Softing Secure Integration Server OPC UA Messages NULL Pointer Dereference Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing Secure Integration Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the the handling of OPC UA messages. The issue results...

7.5CVSS2AI score0.00852EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2022/08/23 12:0 a.m.34 views

(Pwn2Own) Softing Secure Integration Server Cleartext Transmission of Sensitive Information Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Softing Secure Integration Server. User interaction is required to exploit this vulnerability. The specific flaw exists within the handling of administrator credentials provided to the...

5.7CVSS1.6AI score0.00187EPSS
Exploits0References1
Rows per page
Query Builder