14 matches found
CVE-2021-42577
CVE-2021-42577 affects Softing OPC UA C++ SDK prior to version 5.70. The vulnerability arises from a malformed OPC/UA message abort packet that causes the client to crash due to a NULL pointer dereference. Reported in CVE entries and corroborated by multiple sources, including NVD, which lists th...
CVE-2022-2335
Softing Secure Integration Server is affected by CVE-2022-2335 via an integer underflow in the HTTP Content-Length handling. A crafted HTTP packet with a -1 content-length header can cause a denial-of-service on vulnerable installations (notably versions around V1.22). The vulnerability is exploi...
CVE-2022-1373
CVE-2022-1373 affects Softing Secure Integration Server v1.22 and is a directory traversal flaw in the “restore configuration” feature when processing ZIPs, enabling an attacker to load an arbitrary DLL and execute code. The Metasploit entry documents a chained exploit with CVE-2022-2334, where a...
CVE-2022-37453
CVE-2022-37453 affects Softing OPC UA C++ SDK prior to version 6.10. The issue is a buffer overflow or excessive allocation caused by unchecked bounds on arrays/matrices within structure data types. Impact is high (availability impact stated), with exploitation potential over the network in affec...
CVE-2022-2334
CVE-2022-2334 affects Softing Secure Integration Server v1.22 and relates to an uncontrolled search path element: an attacker can place a DLL (notably wbemcomn.dll) that the server loads, enabling arbitrary code execution when the service restarts after a restore/config change. The vulnerability ...
CVE-2022-2547
CVE-2022-2547 affects Softing Secure Integration Server (v1.22 and earlier). A crafted HTTP request involving the Content-Type header (or its processing) can trigger a NULL pointer dereference, producing a denial-of-service condition. Exploitation is described as remote with no authentication req...
CVE-2022-2337
Softing Secure Integration Server is affected by CVE-2022-2337, a NULL pointer dereference caused by processing a crafted HTTP packet with a missing HTTP URI, leading to denial-of-service conditions. Affects Secure Integration Server components including the core server (V1.22 and prior) and rela...
CVE-2022-1748
CVE-2022-1748 affects Softing Softing Secure Integration Server and several OPC UA components (OPC UA C++ Server SDK, Secure Integration Server, edgeConnector, edgeAggregator, OPC Suite, uaGate). The issue is a NULL pointer dereference vulnerability, described across multiple sources, with confir...
CVE-2022-1069
CVE-2022-1069 affects Softing Secure Integration Server (notably V1.22 and earlier) and is caused by processing a crafted HTTP Content-Length header, leading to an out-of-bounds read and denial-of-service. Related advisories document the impact as remote DoS without authentication, with various c...
CVE-2023-27336
CVE-2023-27336 affects Softing edgeConnector Siemens OPC UA Server via a NULL pointer dereference in the handling of OPC client certificates. This unauthenticated, network-exploitable vulnerability can cause a denial-of-service condition on affected installations. The documented impact is limited...
CVE-2023-27334
CVE-2023-27334 concerns the Softing edgeConnector Siemens product. The flaw exists in the handling of OPC UA ConditionRefresh requests, allowing remote attackers to exhaust server resources by sending a large number of requests, resulting in a denial-of-service condition. Authentication is not re...
CVE-2021-40873
The CVE-2021-40873 issue affects Softing Industrial Automation’s OPC UA C++ SDK (pre-5.66) and uaToolkit Embedded (pre-1.40). The vulnerability is a remote-triggered denial of service due to a double-free error that can cause the server process to crash and require restart. Exploitation is descri...
CVE-2021-40871
CVE-2021-40871 affects Softing Industrial Automation’s OPC UA C++ SDK prior to 5.66. Remote attackers can trigger a denial of service by sending crafted messages to an OPC UA client. The vulnerability causes the client process to crash due to an incorrect type cast, requiring a restart. The issue...
CVE-2023-41151
CVE-2023-41151 concerns Softing OPC UA C++ SDK for Windows prior to 6.30. The issue is an uncaught exception that may crash the application when the server attempts to send an error packet while a socket is blocked on writing. Affects versions before 6.30; a fix is provided by upgrading to 6.30 o...