113 matches found
CVE-2023-39479
Softing Secure Integration Server OPC UA Gateway Directory Creation Vulnerability (CVE-2023-39479) affects the OPC UA Gateway handling of FileDirectory OPC UA Objects. The flaw allows remote attackers, bypassing authentication, to create directories by accessing the filesystem, potentially enabli...
CVE-2023-39478 Softing Secure Integration Server Exposure of Resource to Wrong Sphere Remote Code Execution Vulnerability
Softing Secure Integration Server Exposure of Resource to Wrong Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this...
Softing Secure Integration Server 安全漏洞
Softing Secure Integration Server is a secure integration server from Softing Germany. It provides a powerful OPC UA data integration layer and supports interface abstraction, aggregation, data preprocessing, and security supervision. A security vulnerability exists in Softing Secure Integration...
Softing Secure Integration Server 安全漏洞
Softing Secure Integration Server is a secure integration server from Softing Germany. It provides a powerful OPC UA data integration layer and supports interface abstraction, aggregation, data preprocessing and security supervision. A security vulnerability exists in Softing Secure Integration...
The vulnerability lies in the implementation of OPC UA software methods for connection integration with the Softing OPC UA C++ SDK, as well as the Secure Integration Server data integration tool. This allows attackers to execute arbitrary code.
The vulnerability of the implementation of OPC UA software for connectivity integration with Softing OPC UA C++ SDK lies in the incorrect path name limitation for accessing the restricted directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
(0Day) Softing Secure Integration Server Hardcoded Cryptographic Key Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within...
(0Day) (Pwn2Own) Softing Secure Integration Server Interpretation Conflict Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the web...
PT-2023-26965 · Softing · Softing Secure Integration Server
Name of the Vulnerable Software and Affected Versions: Softing Secure Integration Server affected versions not specified Description: This issue allows remote attackers to create directories on affected installations, despite requiring authentication to exploit. The flaw exists within the handlin...
(0Day) (Pwn2Own) Softing Secure Integration Server FileDirectory OPC UA Object Arbitrary File Creation Vulnerability
This vulnerability allows remote attackers to create arbitrary files on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handli...
(0Day) (Pwn2Own) Softing Secure Integration Server Exposure of Resource to Wrong Sphere Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handli...
PT-2023-26964 · Softing · Softing Secure Integration Server
Name of the Vulnerable Software and Affected Versions: Softing Secure Integration Server affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations. Although authentication is required to exploit this, the existing...
PT-2023-26966 · Softing · Softing Secure Integration Server
Name of the Vulnerable Software and Affected Versions: Softing Secure Integration Server affected versions not specified Description: This issue allows remote attackers to create arbitrary files on affected installations, despite requiring authentication, which can be bypassed. The flaw exists...
PT-2023-26968 · Softing · Softing Secure Integration Server
Name of the Vulnerable Software and Affected Versions: Softing Secure Integration Server affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations. Although authentication is required to exploit this issue, the...
Softing Secure Integration Server Login Utility
This module will attempt to authenticate to a Softing Secure Integration Server. Module Options msf use auxiliary/scanner/http/softingsislogin msf auxiliarysoftingsislogin show actions ...actions... msf auxiliarysoftingsislogin set ACTION msf auxiliarysoftingsislogin show options ...show and set...
PT-2022-7027 · Softing · Softing Opc Ua C++ Sdk +1
Name of the Vulnerable Software and Affected Versions: Softing OPC UA C++ SDK versions affected versions not specified Softing Secure Integration Server versions affected versions not specified Description: The issue is related to the incorrect restriction of a directory path name with limited...
Softing Secure Integration Server Content-Type NULL Pointer Dereference Denial-of-Service Vulnerability
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing Secure Integration Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the Content-Type HTTP header. The issu...
Softing Secure Integration Server Content-Length Out-Of-Bounds Read Denial-of-Service Vulnerability
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing Secure Integration Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the Content-Length HTTP header. The...
(Pwn2Own) Softing Secure Integration Server wbemcomn Uncontrolled Search Path Element Privilege Escalation Vulnerability
This vulnerability allows remote attackers to escalate privileges on affected installations of Softing Secure Integration Server. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...
(Pwn2Own) Softing Secure Integration Server OPC UA Messages NULL Pointer Dereference Denial-of-Service Vulnerability
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing Secure Integration Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the the handling of OPC UA messages. The issue results...
(Pwn2Own) Softing Secure Integration Server Cleartext Transmission of Sensitive Information Authentication Bypass Vulnerability
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Softing Secure Integration Server. User interaction is required to exploit this vulnerability. The specific flaw exists within the handling of administrator credentials provided to the...