Lucene search
K
SoftingEdgeconnector

16 matches found

CVE
CVE
added 2022/08/17 8:13 p.m.78 views

CVE-2022-2335

Softing Secure Integration Server is affected by CVE-2022-2335 via an integer underflow in the HTTP Content-Length handling. A crafted HTTP packet with a -1 content-length header can cause a denial-of-service on vulnerable installations (notably versions around V1.22). The vulnerability is exploi...

7.5CVSS7.6AI score0.01324EPSS
CVE
CVE
added 2022/08/17 8:10 p.m.73 views

CVE-2022-1373

CVE-2022-1373 affects Softing Secure Integration Server v1.22 and is a directory traversal flaw in the “restore configuration” feature when processing ZIPs, enabling an attacker to load an arbitrary DLL and execute code. The Metasploit entry documents a chained exploit with CVE-2022-2334, where a...

7.2CVSS7.2AI score0.10229EPSS
CVE
CVE
added 2022/10/20 12:0 a.m.72 views

CVE-2022-37453

CVE-2022-37453 affects Softing OPC UA C++ SDK prior to version 6.10. The issue is a buffer overflow or excessive allocation caused by unchecked bounds on arrays/matrices within structure data types. Impact is high (availability impact stated), with exploitation potential over the network in affec...

7.5CVSS7.7AI score0.00701EPSS
CVE
CVE
added 2022/08/17 8:7 p.m.71 views

CVE-2022-2336

CVE-2022-2336 describes an improper authentication flaw in Softing Secure Integration Server, edgeConnector, and edgeAggregator caused by default administrator credentials (admin/admin). The vulnerability enables direct login to perform administrative actions without password change prompts, with...

9.8CVSS9.6AI score0.00851EPSS
CVE
CVE
added 2022/08/17 8:15 p.m.71 views

CVE-2022-2338

Softing Secure Integration Server V1.22 is affected by an authentication bypass vulnerability caused by cleartext transmission over HTTP that enables a machine-in-the-middle attack to capture a session cookie and authenticate to the server. Affected components include Secure Integration Server an...

5.7CVSS5.8AI score0.00187EPSS
CVE
CVE
added 2022/08/17 8:11 p.m.69 views

CVE-2022-2334

CVE-2022-2334 affects Softing Secure Integration Server v1.22 and relates to an uncontrolled search path element: an attacker can place a DLL (notably wbemcomn.dll) that the server loads, enabling arbitrary code execution when the service restarts after a restore/config change. The vulnerability ...

7.2CVSS7.4AI score0.09501EPSS
CVE
CVE
added 2022/08/17 8:6 p.m.68 views

CVE-2022-2547

CVE-2022-2547 affects Softing Secure Integration Server (v1.22 and earlier). A crafted HTTP request involving the Content-Type header (or its processing) can trigger a NULL pointer dereference, producing a denial-of-service condition. Exploitation is described as remote with no authentication req...

7.5CVSS7.6AI score0.01297EPSS
CVE
CVE
added 2022/08/17 8:18 p.m.67 views

CVE-2022-2337

Softing Secure Integration Server is affected by CVE-2022-2337, a NULL pointer dereference caused by processing a crafted HTTP packet with a missing HTTP URI, leading to denial-of-service conditions. Affects Secure Integration Server components including the core server (V1.22 and prior) and rela...

7.5CVSS7.6AI score0.01297EPSS
CVE
CVE
added 2022/08/17 8:8 p.m.62 views

CVE-2022-1748

CVE-2022-1748 affects Softing Softing Secure Integration Server and several OPC UA components (OPC UA C++ Server SDK, Secure Integration Server, edgeConnector, edgeAggregator, OPC Suite, uaGate). The issue is a NULL pointer dereference vulnerability, described across multiple sources, with confir...

7.5CVSS7.6AI score0.00852EPSS
CVE
CVE
added 2024/05/03 2:10 a.m.61 views

CVE-2023-39482

The CVE-2023-39482 entry concerns Softing Secure Integration Server. The issue is located in the libopcuaclient.so component and stems from hardcoded cryptographic keys, enabling a remote attacker to disclose stored credentials and potentially facilitate further compromise. According to the provi...

6.5CVSS4.8AI score0.0111EPSS
CVE
CVE
added 2024/03/14 8:54 p.m.61 views

CVE-2024-0860

CVE-2024-0860 affects Softing edgeConnector (v3.60) and Softing edgeAggregator (v3.60). The vulnerability is cleartext transmission of sensitive information, allowing an attacker to capture packets and craft requests. Public sources (CISA ICS advisory ICSA-24-074-13 and ZDI) confirm the issue and...

8CVSS7.6AI score0.00513EPSS
CVE
CVE
added 2022/08/17 8:17 p.m.60 views

CVE-2022-1069

CVE-2022-1069 affects Softing Secure Integration Server (notably V1.22 and earlier) and is caused by processing a crafted HTTP Content-Length header, leading to an out-of-bounds read and denial-of-service. Related advisories document the impact as remote DoS without authentication, with various c...

7.5CVSS7.6AI score0.01324EPSS
CVE
CVE
added 2024/05/03 1:55 a.m.60 views

CVE-2023-27336

CVE-2023-27336 affects Softing edgeConnector Siemens OPC UA Server via a NULL pointer dereference in the handling of OPC client certificates. This unauthenticated, network-exploitable vulnerability can cause a denial-of-service condition on affected installations. The documented impact is limited...

7.5CVSS7.4AI score0.00754EPSS
CVE
CVE
added 2024/05/03 1:55 a.m.58 views

CVE-2023-27334

CVE-2023-27334 concerns the Softing edgeConnector Siemens product. The flaw exists in the handling of OPC UA ConditionRefresh requests, allowing remote attackers to exhaust server resources by sending a large number of requests, resulting in a denial-of-service condition. Authentication is not re...

7.5CVSS7.5AI score0.01322EPSS
CVE
CVE
added 2024/05/03 1:59 a.m.53 views

CVE-2023-38125

CVE-2023-38125 affects Softing edgeAggregator. The root cause is a misconfigured web server that lacks appropriate Content Security Policy headers, enabling a permissive cross-domain policy with untrusted domains. This can allow remote attackers to trigger remote code execution in the context of ...

8.8CVSS8AI score0.01063EPSS
CVE
CVE
added 2021/11/10 10:48 p.m.52 views

CVE-2021-40873

The CVE-2021-40873 issue affects Softing Industrial Automation’s OPC UA C++ SDK (pre-5.66) and uaToolkit Embedded (pre-1.40). The vulnerability is a remote-triggered denial of service due to a double-free error that can cause the server process to crash and require restart. Exploitation is descri...

7.5CVSS7.4AI score0.01267EPSS