5 matches found
CVE-2020-14524
CVE-2020-14524 affects Softing Industrial Automation OPC: all versions prior to the latest build of 4.47.0 are vulnerable to a heap-based buffer overflow (CWE-122) that may allow remote code execution. CVSS v3 base score 9.8 (CRITICAL) with NETWORK attack vector, no privileges, no user interactio...
CVE-2021-40873
The CVE-2021-40873 issue affects Softing Industrial Automation’s OPC UA C++ SDK (pre-5.66) and uaToolkit Embedded (pre-1.40). The vulnerability is a remote-triggered denial of service due to a double-free error that can cause the server process to crash and require restart. Exploitation is descri...
CVE-2021-40871
CVE-2021-40871 affects Softing Industrial Automation’s OPC UA C++ SDK prior to 5.66. Remote attackers can trigger a denial of service by sending crafted messages to an OPC UA client. The vulnerability causes the client process to crash due to an incorrect type cast, requiring a restart. The issue...
CVE-2023-37572
Softing OPC Suite prior to 5.25 contains an Incorrect Access Control flaw in OSF_discovery service. Weak permissions could allow an attacker to read sensitive information and modify or delete the service executable. CVSSv3.1 base score 7.5 (HIGH) with network attack vector, low complexity, no pri...
CVE-2020-14522
CVE-2020-14522 affects Softing Industrial Automation OPC products: all versions prior to the latest build of 4.47.0 are vulnerable to uncontrolled resource consumption that can lead to a denial-of-service. Affected component is OPC servers/services; root cause described as uncontrolled resource c...