CVE-2023-39482

The CVE-2023-39482 entry concerns Softing Secure Integration Server. The issue is located in the libopcuaclient.so component and stems from hardcoded cryptographic keys, enabling a remote attacker to disclose stored credentials and potentially facilitate further compromise. According to the provi...

CVE-2023-27334

CVE-2023-27334 concerns the Softing edgeConnector Siemens product. The flaw exists in the handling of OPC UA ConditionRefresh requests, allowing remote attackers to exhaust server resources by sending a large number of requests, resulting in a denial-of-service condition. Authentication is not re...

CVE-2023-27335

Softing edgeAggregator Client is affected by a Cross-Site Scripting/Remote Code Execution vulnerability (CVE-2023-27335). The flaw lies in how the edgeAggregator client handles input parameters, with insufficient validation allowing injection of arbitrary scripts. This can enable remote code exec...

CVE-2023-39481

CVE-2023-39481 affects Softing Secure Integration Server. The root cause is an inconsistency in URI parsing between NGINX and the application web server, enabling an attacker to execute arbitrary code in the root context. The vulnerability is described as remote code execution and is noted to all...

CVE-2023-27336

CVE-2023-27336 affects Softing edgeConnector Siemens OPC UA Server via a NULL pointer dereference in the handling of OPC client certificates. This unauthenticated, network-exploitable vulnerability can cause a denial-of-service condition on affected installations. The documented impact is limited...

CVE-2023-38125

CVE-2023-38125 affects Softing edgeAggregator. The root cause is a misconfigured web server that lacks appropriate Content Security Policy headers, enabling a permissive cross-domain policy with untrusted domains. This can allow remote attackers to trigger remote code execution in the context of ...