4 matches found
CVE-2023-39481
CVE-2023-39481 affects Softing Secure Integration Server. The root cause is an inconsistency in URI parsing between NGINX and the application web server, enabling an attacker to execute arbitrary code in the root context. The vulnerability is described as remote code execution and is noted to all...
CVE-2023-39478
The CVE-2023-39478 issue affects Softing Secure Integration Server. Affected component is the OPC FileDirectory namespace handling, where lack of proper validation of user-supplied data when creating a server object can enable remote code execution in the root context. Attackers can exploit this ...
CVE-2023-38125
CVE-2023-38125 affects Softing edgeAggregator. The root cause is a misconfigured web server that lacks appropriate Content Security Policy headers, enabling a permissive cross-domain policy with untrusted domains. This can allow remote attackers to trigger remote code execution in the context of ...
CVE-2023-39479
Softing Secure Integration Server OPC UA Gateway Directory Creation Vulnerability (CVE-2023-39479) affects the OPC UA Gateway handling of FileDirectory OPC UA Objects. The flaw allows remote attackers, bypassing authentication, to create directories by accessing the filesystem, potentially enabli...