CVE-2021-42262
Softing OPC UA C++ SDK prior to 5.70 is affected by an out-of-memory crash triggered by an invalid (malformed) XML element in the type dictionary, causing the OPC UA client to crash. Impact stated in the sources is availability-related (cras...
CVE-2021-32994
CVE-2021-32994 affects exported library functions in Softing OPC UA C++ SDK versions 5.59–5.64 that fail to properly validate received extension objects, enabling an attacker to crash the software by sending crafted packets that access multiple memory locations (memory corruption)....
CVE-2021-42577
CVE-2021-42577 affects Softing OPC UA C++ SDK prior to version 5.70. The vulnerability arises from a malformed OPC/UA message abort packet that causes the client to crash due to a NULL pointer dereference. Reported in CVE entries and corroborated by multiple sources, including NVD, which lists th...
CVE-2022-2335
Softing Secure Integration Server is affected by CVE-2022-2335 via an integer underflow in the HTTP Content-Length handling. A crafted HTTP packet with a Content-Length header value of -1 can cause a denial-of-service on vulnerable installations (notably versions around V1.22). The vulnerability is exploi...
CVE-2022-1373
CVE-2022-1373 affects Softing Secure Integration Server v1.22 and is a directory traversal flaw in the “restore configuration” feature when processing ZIPs, enabling an attacker to load an arbitrary DLL and execute code. The Metasploit entry documents a chained exploit with CVE-2022-2334, where a...
CVE-2022-37453
CVE-2022-37453 affects Softing OPC UA C++ SDK prior to version 6.10. The issue is a buffer overflow or excessive allocation caused by unchecked bounds on arrays/matrices within structure data types. Impact is high (availability impact stated), with exploitation potential over the network in affec...
CVE-2022-2336
CVE-2022-2336 describes an improper authentication flaw in Softing Secure Integration Server, edgeConnector, and edgeAggregator caused by default administrator credentials (admin/admin). The vulnerability enables direct login to perform administrative actions without password change prompts, with...
CVE-2022-2338
Softing Secure Integration Server V1.22 is affected by an authentication bypass vulnerability caused by cleartext transmission over HTTP that enables a machine-in-the-middle attack to capture a session cookie and authenticate to the server. Affected components include Secure Integration Server an...
CVE-2022-2334
CVE-2022-2334 affects Softing Secure Integration Server v1.22 and relates to an uncontrolled search path element: an attacker can place a DLL (notably wbemcomn.dll) that the server loads, enabling arbitrary code execution when the service restarts after a restore/config change. The vulnerability ...
CVE-2022-2547
CVE-2022-2547 affects Softing Secure Integration Server (v1.22 and earlier). A crafted HTTP request involving the Content-Type header (or its processing) can trigger a NULL pointer dereference, producing a denial-of-service condition. Exploitation is described as remote with no authentication req...
CVE-2022-2337
Softing Secure Integration Server is affected by CVE-2022-2337, a NULL pointer dereference caused by processing a crafted HTTP packet with a missing HTTP URI, leading to denial-of-service conditions. Affects Secure Integration Server components including the core server (V1.22 and prior) and rela...
CVE-2022-1748
CVE-2022-1748 affects Softing Secure Integration Server and several OPC UA components (OPC UA C++ Server SDK, Secure Integration Server, edgeConnector, edgeAggregator, OPC Suite, uaGate). The issue is a NULL pointer dereference vulnerability, described across multiple sources, with confir...
CVE-2022-1069
CVE-2022-1069 affects Softing Secure Integration Server (notably V1.22 and earlier) and is caused by processing a crafted HTTP Content-Length header, leading to an out-of-bounds read and denial-of-service. Related advisories document the impact as remote DoS without authentication, with various c...
CVE-2023-27334
CVE-2023-27334 concerns the Softing edgeConnector Siemens product. The flaw exists in the handling of OPC UA ConditionRefresh requests, allowing remote attackers to exhaust server resources by sending a large number of requests, resulting in a denial-of-service condition. Authentication is not re...
CVE-2022-39823
CVE-2022-39823 affects Softing OPC UA C++ SDK versions 5.66 through 6.x before 6.10. The issue is a use-after-free caused by an OPC/UA browse request that exceeds the server limit on continuation points, leading to potential memory mismanagement. The vulnerability is documented with a high impact...
CVE-2023-41151
CVE-2023-41151 concerns Softing OPC UA C++ SDK for Windows prior to 6.30. The issue is an uncaught exception that may crash the application when the server attempts to send an error packet while a socket is blocked on writing. Affects versions before 6.30; a fix is provided by upgrading to 6.30 o...