17 matches found
CVE-2022-2335
Softing Secure Integration Server is affected by CVE-2022-2335 via an integer underflow in the HTTP Content-Length handling. A crafted HTTP packet with a -1 content-length header can cause a denial-of-service on vulnerable installations (notably versions around V1.22). The vulnerability is exploi...
CVE-2020-14524
CVE-2020-14524 affects Softing Industrial Automation OPC: all versions prior to the latest build of 4.47.0 are vulnerable to a heap-based buffer overflow (CWE-122) that may allow remote code execution. CVSS v3 base score 9.8 (CRITICAL) with NETWORK attack vector, no privileges, no user interactio...
CVE-2022-1373
CVE-2022-1373 affects Softing Secure Integration Server v1.22 and is a directory traversal flaw in the “restore configuration” feature when processing ZIPs, enabling an attacker to load an arbitrary DLL and execute code. The Metasploit entry documents a chained exploit with CVE-2022-2334, where a...
CVE-2022-2336
CVE-2022-2336 describes an improper authentication flaw in Softing Secure Integration Server, edgeConnector, and edgeAggregator caused by default administrator credentials (admin/admin). The vulnerability enables direct login to perform administrative actions without password change prompts, with...
CVE-2022-37453
CVE-2022-37453 affects Softing OPC UA C++ SDK prior to version 6.10. The issue is a buffer overflow or excessive allocation caused by unchecked bounds on arrays/matrices within structure data types. Impact is high (availability impact stated), with exploitation potential over the network in affec...
CVE-2022-2334
CVE-2022-2334 affects Softing Secure Integration Server v1.22 and relates to an uncontrolled search path element: an attacker can place a DLL (notably wbemcomn.dll) that the server loads, enabling arbitrary code execution when the service restarts after a restore/config change. The vulnerability ...
CVE-2022-2338
Softing Secure Integration Server V1.22 is affected by an authentication bypass vulnerability caused by cleartext transmission over HTTP that enables a machine-in-the-middle attack to capture a session cookie and authenticate to the server. Affected components include Secure Integration Server an...
CVE-2022-2337
Softing Secure Integration Server is affected by CVE-2022-2337, a NULL pointer dereference caused by processing a crafted HTTP packet with a missing HTTP URI, leading to denial-of-service conditions. Affects Secure Integration Server components including the core server (V1.22 and prior) and rela...
CVE-2022-2547
CVE-2022-2547 affects Softing Secure Integration Server (v1.22 and earlier). A crafted HTTP request involving the Content-Type header (or its processing) can trigger a NULL pointer dereference, producing a denial-of-service condition. Exploitation is described as remote with no authentication req...
CVE-2022-1069
CVE-2022-1069 affects Softing Secure Integration Server (notably V1.22 and earlier) and is caused by processing a crafted HTTP Content-Length header, leading to an out-of-bounds read and denial-of-service. Related advisories document the impact as remote DoS without authentication, with various c...
CVE-2022-1748
CVE-2022-1748 affects Softing Softing Secure Integration Server and several OPC UA components (OPC UA C++ Server SDK, Secure Integration Server, edgeConnector, edgeAggregator, OPC Suite, uaGate). The issue is a NULL pointer dereference vulnerability, described across multiple sources, with confir...
CVE-2022-39823
CVE-2022-39823 affects Softing OPC UA C++ SDK versions 5.66 through 6.x before 6.10. The issue is a use-after-free caused by an OPC/UA browse request that exceeds the server limit on continuation points, leading to potential memory mismanagement. The vulnerability is documented with a high impact...
CVE-2021-40873
The CVE-2021-40873 issue affects Softing Industrial Automation’s OPC UA C++ SDK (pre-5.66) and uaToolkit Embedded (pre-1.40). The vulnerability is a remote-triggered denial of service due to a double-free error that can cause the server process to crash and require restart. Exploitation is descri...
CVE-2021-40871
CVE-2021-40871 affects Softing Industrial Automation’s OPC UA C++ SDK prior to 5.66. Remote attackers can trigger a denial of service by sending crafted messages to an OPC UA client. The vulnerability causes the client process to crash due to an incorrect type cast, requiring a restart. The issue...
CVE-2023-37572
Softing OPC Suite prior to 5.25 contains an Incorrect Access Control flaw in OSF_discovery service. Weak permissions could allow an attacker to read sensitive information and modify or delete the service executable. CVSSv3.1 base score 7.5 (HIGH) with network attack vector, low complexity, no pri...
CVE-2023-41151
CVE-2023-41151 concerns Softing OPC UA C++ SDK for Windows prior to 6.30. The issue is an uncaught exception that may crash the application when the server attempts to send an error packet while a socket is blocked on writing. Affects versions before 6.30; a fix is provided by upgrading to 6.30 o...
CVE-2020-14522
CVE-2020-14522 affects Softing Industrial Automation OPC products: all versions prior to the latest build of 4.47.0 are vulnerable to uncontrolled resource consumption that can lead to a denial-of-service. Affected component is OPC servers/services; root cause described as uncontrolled resource c...