SoftingUagates

11 matches found

CVE | added 2022/08/17 8:13 p.m. | 77 views

CVE-2022-2335

Softing Secure Integration Server is affected by CVE-2022-2335 via an integer underflow in the HTTP Content-Length handling. A crafted HTTP packet with a -1 content-length header can cause a denial-of-service on vulnerable installations (notably versions around V1.22). The vulnerability is exploi...

CVSS 7.5 | AI score 7.6 | EPSS 0.01324

CVE | added 2022/08/17 8:10 p.m. | 72 views

CVE-2022-1373

CVE-2022-1373 affects Softing Secure Integration Server v1.22 and is a directory traversal flaw in the “restore configuration” feature when processing ZIPs, enabling an attacker to load an arbitrary DLL and execute code. The Metasploit entry documents a chained exploit with CVE-2022-2334, where a...

CVSS 7.2 | AI score 7.2 | EPSS 0.10229

CVE | added 2022/10/20 12:0 a.m. | 72 views

CVE-2022-37453

CVE-2022-37453 affects Softing OPC UA C++ SDK prior to version 6.10. The issue is a buffer overflow or excessive allocation caused by unchecked bounds on arrays/matrices within structure data types. Impact is high (availability impact stated), with exploitation potential over the network in affec...

CVSS 7.5 | AI score 7.7 | EPSS 0.00701

CVE | added 2022/08/17 8:7 p.m. | 70 views

CVE-2022-2336

CVE-2022-2336 describes an improper authentication flaw in Softing Secure Integration Server, edgeConnector, and edgeAggregator caused by default administrator credentials (admin/admin). The vulnerability enables direct login to perform administrative actions without password change prompts, with...

CVSS 9.8 | AI score 9.6 | EPSS 0.00851

CVE | added 2022/08/17 8:15 p.m. | 70 views

CVE-2022-2338

Softing Secure Integration Server V1.22 is affected by an authentication bypass vulnerability caused by cleartext transmission over HTTP that enables a machine-in-the-middle attack to capture a session cookie and authenticate to the server. Affected components include Secure Integration Server an...

CVSS 5.7 | AI score 5.8 | EPSS 0.00187

CVE | added 2022/08/17 8:11 p.m. | 68 views

CVE-2022-2334

CVE-2022-2334 affects Softing Secure Integration Server v1.22 and relates to an uncontrolled search path element: an attacker can place a DLL (notably wbemcomn.dll) that the server loads, enabling arbitrary code execution when the service restarts after a restore/config change. The vulnerability ...

CVSS 7.2 | AI score 7.4 | EPSS 0.09501

CVE | added 2022/08/17 8:6 p.m. | 67 views

CVE-2022-2547

CVE-2022-2547 affects Softing Secure Integration Server (v1.22 and earlier). A crafted HTTP request involving the Content-Type header (or its processing) can trigger a NULL pointer dereference, producing a denial-of-service condition. Exploitation is described as remote with no authentication req...

CVSS 7.5 | AI score 7.6 | EPSS 0.01297

CVE | added 2022/08/17 8:18 p.m. | 66 views

CVE-2022-2337

Softing Secure Integration Server is affected by CVE-2022-2337, a NULL pointer dereference caused by processing a crafted HTTP packet with a missing HTTP URI, leading to denial-of-service conditions. Affects Secure Integration Server components including the core server (V1.22 and prior) and rela...

CVSS 7.5 | AI score 7.6 | EPSS 0.01297

CVE | added 2022/08/17 8:8 p.m. | 61 views

CVE-2022-1748

CVE-2022-1748 affects Softing Secure Integration Server and several OPC UA components (OPC UA C++ Server SDK, Secure Integration Server, edgeConnector, edgeAggregator, OPC Suite, uaGate). The issue is a NULL pointer dereference vulnerability, described across multiple sources, with confir...

CVSS 7.5 | AI score 7.6 | EPSS 0.00852

CVE | added 2022/08/17 8:17 p.m. | 59 views

CVE-2022-1069

CVE-2022-1069 affects Softing Secure Integration Server (notably V1.22 and earlier) and is caused by processing a crafted HTTP Content-Length header, leading to an out-of-bounds read and denial-of-service. Related advisories document the impact as remote DoS without authentication, with various c...

CVSS 7.5 | AI score 7.6 | EPSS 0.01324

CVE | added 2021/11/10 10:48 p.m. | 52 views

CVE-2021-40873

The CVE-2021-40873 issue affects Softing Industrial Automation’s OPC UA C++ SDK (pre-5.66) and uaToolkit Embedded (pre-1.40). The vulnerability is a remote-triggered denial of service due to a double-free error that can cause the server process to crash and require restart. Exploitation is descri...

CVSS 7.5 | AI score 7.4 | EPSS 0.01267