Filtered by vendor Softing
Subscribe
Search
Total
12 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-38126 | 1 Softing | 1 Edgeaggregator | 2023-12-29 | N/A | 7.2 HIGH |
| Softing edgeAggregator Restore Configuration Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of backup zip files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this to execute code in the context of root. Was ZDI-CAN-20543. | |||||
| CVE-2023-41151 | 2 Microsoft, Softing | 4 Windows, Opc, Opc Ua C\+\+ Software Development Kit and 1 more | 2023-12-19 | N/A | 7.5 HIGH |
| An uncaught exception issue discovered in Softing OPC UA C++ SDK before 6.30 for Windows operating system may cause the application to crash when the server wants to send an error packet, while socket is blocked on writing. | |||||
| CVE-2023-37572 | 1 Softing | 1 Opc | 2023-12-11 | N/A | 7.5 HIGH |
| Softing OPC Suite version 5.25 and before has Incorrect Access Control, allows attackers to obtain sensitive information via weak permissions in OSF_discovery service. | |||||
| CVE-2022-48193 | 1 Softing | 1 Smartlink Sw-ht | 2023-11-14 | N/A | 7.5 HIGH |
| Weak ciphers in Softing smartLink SW-HT before 1.30 are enabled during secure communication (SSL). | |||||
| CVE-2021-40872 | 1 Softing | 2 Smartlink Hw-dp, Uatoolkit Embedded | 2021-11-16 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Softing Industrial Automation uaToolkit Embedded before 1.40. Remote attackers to cause a denial of service (DoS) or login as an anonymous user (bypassing security checks) by sending crafted messages to a OPC/UA server. The server process may crash unexpectedly because of an invalid type cast, and must be restarted. | |||||
| CVE-2021-40873 | 1 Softing | 7 Datafeed Opc Suite, Edgeconnector, Opc and 4 more | 2021-11-16 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66, and uaToolkit Embedded before 1.40. Remote attackers to cause a denial of service (DoS) by sending crafted messages to a client or server. The server process may crash unexpectedly because of a double free, and must be restarted. | |||||
| CVE-2021-40871 | 1 Softing | 4 Datafeed Opc Suite, Opc, Secure Integration Server and 1 more | 2021-11-16 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66. Remote attackers to cause a denial of service (DoS) by sending crafted messages to a OPC/UA client. The client process may crash unexpectedly because of a wrong type cast, and must be restarted. | |||||
| CVE-2019-11528 | 1 Softing | 2 Uagate Si, Uagate Si Firmware | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Softing uaGate SI 1.60.01. A system default path for executables is user writable. | |||||
| CVE-2021-29660 | 1 Softing | 1 Opc Toolbox | 2021-04-08 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross-Site Request Forgery (CSRF) vulnerability in en/cfg_setpwd.html in Softing AG OPC Toolbox through 4.10.1.13035 allows attackers to reset the administrative password by inducing the Administrator user to browse a URL controlled by an attacker. | |||||
| CVE-2020-14522 | 1 Softing | 1 Opc | 2020-08-28 | 5.0 MEDIUM | 7.5 HIGH |
| Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to uncontrolled resource consumption, which may allow an attacker to cause a denial-of-service condition. | |||||
| CVE-2019-15051 | 1 Softing | 6 Uagate 840d, Uagate 840d Firmware, Uagate Mb and 3 more | 2020-08-24 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in Softing uaGate (SI, MB, 840D) firmware through 1.71.00.1225. A CGI script is vulnerable to command injection via a maliciously crafted form parameter. | |||||
| CVE-2019-11527 | 1 Softing | 2 Uagate Si, Uagate Si Firmware | 2019-10-15 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in Softing uaGate SI 1.60.01. A CGI script is vulnerable to command injection with a maliciously crafted url parameter. | |||||