Lucene search
K
SoftingSecure Integration Server

14 matches found

CVE
CVE
added 2022/03/11 10:9 p.m.88 views

CVE-2021-42577

CVE-2021-42577 affects Softing OPC UA C++ SDK prior to version 5.70. The vulnerability arises from a malformed OPC/UA message abort packet that causes the client to crash due to a NULL pointer dereference. Reported in CVE entries and corroborated by multiple sources, including NVD, which lists th...

7.5CVSS7.4AI score0.00943EPSS
CVE
CVE
added 2022/08/17 8:13 p.m.78 views

CVE-2022-2335

Softing Secure Integration Server is affected by CVE-2022-2335 via an integer underflow in the HTTP Content-Length handling. A crafted HTTP packet with a -1 content-length header can cause a denial-of-service on vulnerable installations (notably versions around V1.22). The vulnerability is exploi...

7.5CVSS7.6AI score0.01324EPSS
CVE
CVE
added 2022/08/17 8:10 p.m.73 views

CVE-2022-1373

CVE-2022-1373 affects Softing Secure Integration Server v1.22 and is a directory traversal flaw in the “restore configuration” feature when processing ZIPs, enabling an attacker to load an arbitrary DLL and execute code. The Metasploit entry documents a chained exploit with CVE-2022-2334, where a...

7.2CVSS7.2AI score0.10229EPSS
CVE
CVE
added 2022/10/20 12:0 a.m.73 views

CVE-2022-37453

CVE-2022-37453 affects Softing OPC UA C++ SDK prior to version 6.10. The issue is a buffer overflow or excessive allocation caused by unchecked bounds on arrays/matrices within structure data types. Impact is high (availability impact stated), with exploitation potential over the network in affec...

7.5CVSS7.7AI score0.00701EPSS
CVE
CVE
added 2022/08/17 8:11 p.m.70 views

CVE-2022-2334

CVE-2022-2334 affects Softing Secure Integration Server v1.22 and relates to an uncontrolled search path element: an attacker can place a DLL (notably wbemcomn.dll) that the server loads, enabling arbitrary code execution when the service restarts after a restore/config change. The vulnerability ...

7.2CVSS7.4AI score0.09501EPSS
CVE
CVE
added 2022/08/17 8:6 p.m.68 views

CVE-2022-2547

CVE-2022-2547 affects Softing Secure Integration Server (v1.22 and earlier). A crafted HTTP request involving the Content-Type header (or its processing) can trigger a NULL pointer dereference, producing a denial-of-service condition. Exploitation is described as remote with no authentication req...

7.5CVSS7.6AI score0.01297EPSS
CVE
CVE
added 2022/08/17 8:18 p.m.67 views

CVE-2022-2337

Softing Secure Integration Server is affected by CVE-2022-2337, a NULL pointer dereference caused by processing a crafted HTTP packet with a missing HTTP URI, leading to denial-of-service conditions. Affects Secure Integration Server components including the core server (V1.22 and prior) and rela...

7.5CVSS7.6AI score0.01297EPSS
CVE
CVE
added 2022/08/17 8:8 p.m.62 views

CVE-2022-1748

CVE-2022-1748 affects Softing Softing Secure Integration Server and several OPC UA components (OPC UA C++ Server SDK, Secure Integration Server, edgeConnector, edgeAggregator, OPC Suite, uaGate). The issue is a NULL pointer dereference vulnerability, described across multiple sources, with confir...

7.5CVSS7.6AI score0.00852EPSS
CVE
CVE
added 2022/08/17 8:17 p.m.60 views

CVE-2022-1069

CVE-2022-1069 affects Softing Secure Integration Server (notably V1.22 and earlier) and is caused by processing a crafted HTTP Content-Length header, leading to an out-of-bounds read and denial-of-service. Related advisories document the impact as remote DoS without authentication, with various c...

7.5CVSS7.6AI score0.01324EPSS
CVE
CVE
added 2024/05/03 1:55 a.m.60 views

CVE-2023-27336

CVE-2023-27336 affects Softing edgeConnector Siemens OPC UA Server via a NULL pointer dereference in the handling of OPC client certificates. This unauthenticated, network-exploitable vulnerability can cause a denial-of-service condition on affected installations. The documented impact is limited...

7.5CVSS7.4AI score0.00754EPSS
CVE
CVE
added 2024/05/03 1:55 a.m.58 views

CVE-2023-27334

CVE-2023-27334 concerns the Softing edgeConnector Siemens product. The flaw exists in the handling of OPC UA ConditionRefresh requests, allowing remote attackers to exhaust server resources by sending a large number of requests, resulting in a denial-of-service condition. Authentication is not re...

7.5CVSS7.5AI score0.0137EPSS
CVE
CVE
added 2021/11/10 10:48 p.m.52 views

CVE-2021-40873

The CVE-2021-40873 issue affects Softing Industrial Automation’s OPC UA C++ SDK (pre-5.66) and uaToolkit Embedded (pre-1.40). The vulnerability is a remote-triggered denial of service due to a double-free error that can cause the server process to crash and require restart. Exploitation is descri...

7.5CVSS7.4AI score0.01267EPSS
CVE
CVE
added 2021/11/10 10:43 p.m.49 views

CVE-2021-40871

CVE-2021-40871 affects Softing Industrial Automation’s OPC UA C++ SDK prior to 5.66. Remote attackers can trigger a denial of service by sending crafted messages to an OPC UA client. The vulnerability causes the client process to crash due to an incorrect type cast, requiring a restart. The issue...

7.5CVSS7.4AI score0.01267EPSS
CVE
CVE
added 2023/12/14 12:0 a.m.42 views

CVE-2023-41151

CVE-2023-41151 concerns Softing OPC UA C++ SDK for Windows prior to 6.30. The issue is an uncaught exception that may crash the application when the server attempts to send an error packet while a socket is blocked on writing. Affects versions before 6.30; a fix is provided by upgrading to 6.30 o...

7.5CVSS7.5AI score0.007EPSS