Lucene search
K
SoftingOpc Ua C++ Software Development Kit

16 matches found

CVE
CVE
added 2022/03/11 10:5 p.m.94 views

CVE-2021-42262

Softing OPC UA C++ SDK prior to 5.70 is affected by an out-of-memory crash triggered by an invalid XML element in the type dictionary, causing the OPC UA client to crash. The issue is due to a malformed XML element in the type dictionary. Impact stated in the sources is availability-related (cras...

6.5CVSS6.4AI score0.00797EPSS
CVE
CVE
added 2022/04/04 7:45 p.m.85 views

CVE-2021-32994

CVE-2021-32994 affects Softing OPC UA C++ SDK Exported library functions in OPC UA C++ SDK versions 5.59–5.64 that fail to properly validate received extension objects, enabling an attacker to crash the software by sending crafted packets that access multiple memory locations (memory corruption)....

7.5CVSS7.5AI score0.01629EPSS
CVE
CVE
added 2022/03/11 10:9 p.m.84 views

CVE-2021-42577

CVE-2021-42577 affects Softing OPC UA C++ SDK prior to version 5.70. The vulnerability arises from a malformed OPC/UA message abort packet that causes the client to crash due to a NULL pointer dereference. Reported in CVE entries and corroborated by multiple sources, including NVD, which lists th...

7.5CVSS7.4AI score0.00921EPSS
CVE
CVE
added 2022/08/17 8:13 p.m.77 views

CVE-2022-2335

Softing Secure Integration Server is affected by CVE-2022-2335 via an integer underflow in the HTTP Content-Length handling. A crafted HTTP packet with a -1 content-length header can cause a denial-of-service on vulnerable installations (notably versions around V1.22). The vulnerability is exploi...

7.5CVSS7.6AI score0.01324EPSS
CVE
CVE
added 2022/08/17 8:10 p.m.72 views

CVE-2022-1373

CVE-2022-1373 affects Softing Secure Integration Server v1.22 and is a directory traversal flaw in the “restore configuration” feature when processing ZIPs, enabling an attacker to load an arbitrary DLL and execute code. The Metasploit entry documents a chained exploit with CVE-2022-2334, where a...

7.2CVSS7.2AI score0.10229EPSS
CVE
CVE
added 2022/10/20 12:0 a.m.72 views

CVE-2022-37453

CVE-2022-37453 affects Softing OPC UA C++ SDK prior to version 6.10. The issue is a buffer overflow or excessive allocation caused by unchecked bounds on arrays/matrices within structure data types. Impact is high (availability impact stated), with exploitation potential over the network in affec...

7.5CVSS7.7AI score0.00701EPSS
CVE
CVE
added 2022/08/17 8:7 p.m.70 views

CVE-2022-2336

CVE-2022-2336 describes an improper authentication flaw in Softing Secure Integration Server, edgeConnector, and edgeAggregator caused by default administrator credentials (admin/admin). The vulnerability enables direct login to perform administrative actions without password change prompts, with...

9.8CVSS9.6AI score0.00851EPSS
CVE
CVE
added 2022/08/17 8:15 p.m.69 views

CVE-2022-2338

Softing Secure Integration Server V1.22 is affected by an authentication bypass vulnerability caused by cleartext transmission over HTTP that enables a machine-in-the-middle attack to capture a session cookie and authenticate to the server. Affected components include Secure Integration Server an...

5.7CVSS5.8AI score0.00187EPSS
CVE
CVE
added 2022/08/17 8:11 p.m.68 views

CVE-2022-2334

CVE-2022-2334 affects Softing Secure Integration Server v1.22 and relates to an uncontrolled search path element: an attacker can place a DLL (notably wbemcomn.dll) that the server loads, enabling arbitrary code execution when the service restarts after a restore/config change. The vulnerability ...

7.2CVSS7.4AI score0.09501EPSS
CVE
CVE
added 2022/08/17 8:6 p.m.67 views

CVE-2022-2547

CVE-2022-2547 affects Softing Secure Integration Server (v1.22 and earlier). A crafted HTTP request involving the Content-Type header (or its processing) can trigger a NULL pointer dereference, producing a denial-of-service condition. Exploitation is described as remote with no authentication req...

7.5CVSS7.6AI score0.01297EPSS
CVE
CVE
added 2022/08/17 8:18 p.m.66 views

CVE-2022-2337

Softing Secure Integration Server is affected by CVE-2022-2337, a NULL pointer dereference caused by processing a crafted HTTP packet with a missing HTTP URI, leading to denial-of-service conditions. Affects Secure Integration Server components including the core server (V1.22 and prior) and rela...

7.5CVSS7.6AI score0.01297EPSS
CVE
CVE
added 2022/08/17 8:8 p.m.61 views

CVE-2022-1748

CVE-2022-1748 affects Softing Softing Secure Integration Server and several OPC UA components (OPC UA C++ Server SDK, Secure Integration Server, edgeConnector, edgeAggregator, OPC Suite, uaGate). The issue is a NULL pointer dereference vulnerability, described across multiple sources, with confir...

7.5CVSS7.6AI score0.00852EPSS
CVE
CVE
added 2022/08/17 8:17 p.m.59 views

CVE-2022-1069

CVE-2022-1069 affects Softing Secure Integration Server (notably V1.22 and earlier) and is caused by processing a crafted HTTP Content-Length header, leading to an out-of-bounds read and denial-of-service. Related advisories document the impact as remote DoS without authentication, with various c...

7.5CVSS7.6AI score0.01324EPSS
CVE
CVE
added 2024/05/03 1:55 a.m.58 views

CVE-2023-27334

CVE-2023-27334 concerns the Softing edgeConnector Siemens product. The flaw exists in the handling of OPC UA ConditionRefresh requests, allowing remote attackers to exhaust server resources by sending a large number of requests, resulting in a denial-of-service condition. Authentication is not re...

7.5CVSS7.5AI score0.01322EPSS
CVE
CVE
added 2022/10/20 12:0 a.m.52 views

CVE-2022-39823

CVE-2022-39823 affects Softing OPC UA C++ SDK versions 5.66 through 6.x before 6.10. The issue is a use-after-free caused by an OPC/UA browse request that exceeds the server limit on continuation points, leading to potential memory mismanagement. The vulnerability is documented with a high impact...

7.5CVSS7.5AI score0.00635EPSS
CVE
CVE
added 2023/12/14 12:0 a.m.40 views

CVE-2023-41151

CVE-2023-41151 concerns Softing OPC UA C++ SDK for Windows prior to 6.30. The issue is an uncaught exception that may crash the application when the server attempts to send an error packet while a socket is blocked on writing. Affects versions before 6.30; a fix is provided by upgrading to 6.30 o...

7.5CVSS7.5AI score0.007EPSS