17 matches found
CVE-2022-2335
Softing Secure Integration Server is affected by CVE-2022-2335 via an integer underflow in the HTTP Content-Length handling. A crafted HTTP packet with a -1 content-length header can cause a denial-of-service on vulnerable installations (notably versions around V1.22). The vulnerability is exploi...
CVE-2022-1373
CVE-2022-1373 affects Softing Secure Integration Server v1.22 and is a directory traversal flaw in the “restore configuration” feature when processing ZIPs, enabling an attacker to load an arbitrary DLL and execute code. The Metasploit entry documents a chained exploit with CVE-2022-2334, where a...
CVE-2022-2336
CVE-2022-2336 describes an improper authentication flaw in Softing Secure Integration Server, edgeConnector, and edgeAggregator caused by default administrator credentials (admin/admin). The vulnerability enables direct login to perform administrative actions without password change prompts, with...
CVE-2022-2338
Softing Secure Integration Server V1.22 is affected by an authentication bypass vulnerability caused by cleartext transmission over HTTP that enables a machine-in-the-middle attack to capture a session cookie and authenticate to the server. Affected components include Secure Integration Server an...
CVE-2022-37453
CVE-2022-37453 affects Softing OPC UA C++ SDK prior to version 6.10. The issue is a buffer overflow or excessive allocation caused by unchecked bounds on arrays/matrices within structure data types. Impact is high (availability impact stated), with exploitation potential over the network in affec...
CVE-2022-2334
CVE-2022-2334 affects Softing Secure Integration Server v1.22 and relates to an uncontrolled search path element: an attacker can place a DLL (notably wbemcomn.dll) that the server loads, enabling arbitrary code execution when the service restarts after a restore/config change. The vulnerability ...
CVE-2022-2547
CVE-2022-2547 affects Softing Secure Integration Server (v1.22 and earlier). A crafted HTTP request involving the Content-Type header (or its processing) can trigger a NULL pointer dereference, producing a denial-of-service condition. Exploitation is described as remote with no authentication req...
CVE-2022-2337
Softing Secure Integration Server is affected by CVE-2022-2337, a NULL pointer dereference caused by processing a crafted HTTP packet with a missing HTTP URI, leading to denial-of-service conditions. Affects Secure Integration Server components including the core server (V1.22 and prior) and rela...
CVE-2022-1748
CVE-2022-1748 affects Softing Secure Integration Server and several OPC UA components (OPC UA C++ Server SDK, Secure Integration Server, edgeConnector, edgeAggregator, OPC Suite, uaGate). The issue is a NULL pointer dereference vulnerability, described across multiple sources, with confir...
CVE-2023-39482
The CVE-2023-39482 entry concerns Softing Secure Integration Server. The issue is located in the libopcuaclient.so component and stems from hardcoded cryptographic keys, enabling a remote attacker to disclose stored credentials and potentially facilitate further compromise. According to the provi...
CVE-2023-27335
Softing edgeAggregator Client is affected by a Cross-Site Scripting/Remote Code Execution vulnerability (CVE-2023-27335). The flaw lies in how the edgeAggregator client handles input parameters, with insufficient validation allowing injection of arbitrary scripts. This can enable remote code exec...
CVE-2022-1069
CVE-2022-1069 affects Softing Secure Integration Server (notably V1.22 and earlier) and is caused by processing a crafted HTTP Content-Length header, leading to an out-of-bounds read and denial-of-service. Related advisories document the impact as remote DoS without authentication, with various c...
CVE-2023-27336
CVE-2023-27336 affects Softing edgeConnector Siemens OPC UA Server via a NULL pointer dereference in the handling of OPC client certificates. This unauthenticated, network-exploitable vulnerability can cause a denial-of-service condition on affected installations. The documented impact is limited...
CVE-2024-0860
CVE-2024-0860 affects Softing edgeConnector (v3.60) and Softing edgeAggregator (v3.60). The vulnerability is cleartext transmission of sensitive information, allowing an attacker to capture packets and craft requests. Public sources (CISA ICS advisory ICSA-24-074-13 and ZDI) confirm the issue and...
CVE-2023-27334
CVE-2023-27334 concerns the Softing edgeConnector Siemens product. The flaw exists in the handling of OPC UA ConditionRefresh requests, allowing remote attackers to exhaust server resources by sending a large number of requests, resulting in a denial-of-service condition. Authentication is not re...
CVE-2023-38125
CVE-2023-38125 affects Softing edgeAggregator. The root cause is a misconfigured web server that lacks appropriate Content Security Policy headers, enabling a permissive cross-domain policy with untrusted domains. This can allow remote attackers to trigger remote code execution in the context of ...
CVE-2023-38126
CVE-2023-38126 is a directory traversal leading to remote code execution in Softing edgeAggregator and edgeConnector. The vulnerability stems from insufficient validation of a user-supplied path when processing backup zip files, allowing an attacker with network access and admin privilege...