Lucene search
K
SoftingEdgeaggregator

17 matches found

CVE
CVE
added 2022/08/17 8:13 p.m.76 views

CVE-2022-2335

Softing Secure Integration Server is affected by CVE-2022-2335 via an integer underflow in the HTTP Content-Length handling. A crafted HTTP packet with a -1 content-length header can cause a denial-of-service on vulnerable installations (notably versions around V1.22). The vulnerability is exploi...

7.5CVSS7.6AI score0.01324EPSS
CVE
CVE
added 2022/08/17 8:10 p.m.72 views

CVE-2022-1373

CVE-2022-1373 affects Softing Secure Integration Server v1.22 and is a directory traversal flaw in the “restore configuration” feature when processing ZIPs, enabling an attacker to load an arbitrary DLL and execute code. The Metasploit entry documents a chained exploit with CVE-2022-2334, where a...

7.2CVSS7.2AI score0.10229EPSS
CVE
CVE
added 2022/08/17 8:7 p.m.70 views

CVE-2022-2336

CVE-2022-2336 describes an improper authentication flaw in Softing Secure Integration Server, edgeConnector, and edgeAggregator caused by default administrator credentials (admin/admin). The vulnerability enables direct login to perform administrative actions without password change prompts, with...

9.8CVSS9.6AI score0.00851EPSS
CVE
CVE
added 2022/08/17 8:15 p.m.69 views

CVE-2022-2338

Softing Secure Integration Server V1.22 is affected by an authentication bypass vulnerability caused by cleartext transmission over HTTP that enables a machine-in-the-middle attack to capture a session cookie and authenticate to the server. Affected components include Secure Integration Server an...

5.7CVSS5.8AI score0.00187EPSS
CVE
CVE
added 2022/10/20 12:0 a.m.69 views

CVE-2022-37453

CVE-2022-37453 affects Softing OPC UA C++ SDK prior to version 6.10. The issue is a buffer overflow or excessive allocation caused by unchecked bounds on arrays/matrices within structure data types. Impact is high (availability impact stated), with exploitation potential over the network in affec...

7.5CVSS7.7AI score0.00701EPSS
CVE
CVE
added 2022/08/17 8:11 p.m.68 views

CVE-2022-2334

CVE-2022-2334 affects Softing Secure Integration Server v1.22 and relates to an uncontrolled search path element: an attacker can place a DLL (notably wbemcomn.dll) that the server loads, enabling arbitrary code execution when the service restarts after a restore/config change. The vulnerability ...

7.2CVSS7.4AI score0.09501EPSS
CVE
CVE
added 2022/08/17 8:18 p.m.66 views

CVE-2022-2337

Softing Secure Integration Server is affected by CVE-2022-2337, a NULL pointer dereference caused by processing a crafted HTTP packet with a missing HTTP URI, leading to denial-of-service conditions. Affects Secure Integration Server components including the core server (V1.22 and prior) and rela...

7.5CVSS7.6AI score0.01297EPSS
CVE
CVE
added 2022/08/17 8:6 p.m.66 views

CVE-2022-2547

CVE-2022-2547 affects Softing Secure Integration Server (v1.22 and earlier). A crafted HTTP request involving the Content-Type header (or its processing) can trigger a NULL pointer dereference, producing a denial-of-service condition. Exploitation is described as remote with no authentication req...

7.5CVSS7.6AI score0.01297EPSS
CVE
CVE
added 2022/08/17 8:8 p.m.61 views

CVE-2022-1748

CVE-2022-1748 affects Softing Softing Secure Integration Server and several OPC UA components (OPC UA C++ Server SDK, Secure Integration Server, edgeConnector, edgeAggregator, OPC Suite, uaGate). The issue is a NULL pointer dereference vulnerability, described across multiple sources, with confir...

7.5CVSS7.6AI score0.00852EPSS
CVE
CVE
added 2024/05/03 2:10 a.m.61 views

CVE-2023-39482

The CVE-2023-39482 entry concerns Softing Secure Integration Server. The issue is located in the libopcuaclient.so component and stems from hardcoded cryptographic keys, enabling a remote attacker to disclose stored credentials and potentially facilitate further compromise. According to the provi...

6.5CVSS4.8AI score0.0111EPSS
CVE
CVE
added 2024/05/03 1:55 a.m.60 views

CVE-2023-27335

Softing edgeAggregator Client is affected by a Cross-Site Scripting/Remote Code Execution vulnerability (CVE-2023-27335). The flaw lies in how the edgeAggregator client handles input parameters, with insufficient validation allowing injection of arbitrary scripts. This can enable remote code exec...

9.6CVSS8.6AI score0.01188EPSS
CVE
CVE
added 2022/08/17 8:17 p.m.59 views

CVE-2022-1069

CVE-2022-1069 affects Softing Secure Integration Server (notably V1.22 and earlier) and is caused by processing a crafted HTTP Content-Length header, leading to an out-of-bounds read and denial-of-service. Related advisories document the impact as remote DoS without authentication, with various c...

7.5CVSS7.6AI score0.01324EPSS
CVE
CVE
added 2024/05/03 1:55 a.m.59 views

CVE-2023-27336

CVE-2023-27336 affects Softing edgeConnector Siemens OPC UA Server via a NULL pointer dereference in the handling of OPC client certificates. This unauthenticated, network-exploitable vulnerability can cause a denial-of-service condition on affected installations. The documented impact is limited...

7.5CVSS7.4AI score0.00754EPSS
CVE
CVE
added 2024/03/14 8:54 p.m.59 views

CVE-2024-0860

CVE-2024-0860 affects Softing edgeConnector (v3.60) and Softing edgeAggregator (v3.60). The vulnerability is cleartext transmission of sensitive information, allowing an attacker to capture packets and craft requests. Public sources (CISA ICS advisory ICSA-24-074-13 and ZDI) confirm the issue and...

8CVSS7.6AI score0.00513EPSS
CVE
CVE
added 2024/05/03 1:55 a.m.58 views

CVE-2023-27334

CVE-2023-27334 concerns the Softing edgeConnector Siemens product. The flaw exists in the handling of OPC UA ConditionRefresh requests, allowing remote attackers to exhaust server resources by sending a large number of requests, resulting in a denial-of-service condition. Authentication is not re...

7.5CVSS7.5AI score0.01322EPSS
CVE
CVE
added 2024/05/03 1:59 a.m.52 views

CVE-2023-38125

CVE-2023-38125 affects Softing edgeAggregator. The root cause is a misconfigured web server that lacks appropriate Content Security Policy headers, enabling a permissive cross-domain policy with untrusted domains. This can allow remote attackers to trigger remote code execution in the context of ...

8.8CVSS8AI score0.01063EPSS
CVE
CVE
added 2023/12/19 9:50 p.m.52 views

CVE-2023-38126

Softing CVE-2023-38126 is a directory traversal leading to remote code execution in Softing edgeAggregator and edgeConnector. The vulnerability stems from insufficient validation of a user-supplied path when processing backup zip files, allowing an attacker with network access and admin privilege...

7.2CVSS7.6AI score0.68611EPSS