
8 vulnerabilities

CVE-2023-7339 (GCVE-0-2023-7339)

Vulnerability from cvelistv5 – Published: 2026-03-27 10:53 – Updated: 2026-03-27 12:21
Title
Data collection for downloading leads into buffer overflow
Summary
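Stack-based buffer overflow vulnerability in Softing Industrial Automation GmbH gateways allows buffer overflows (CAPEC-100 Overflow Buffers). This issue affects pnGate: through 1.30; epGate: through 1.30; mbGate: through 1.30; smartLink HW-DP: through 1.30; smartLink HW-PN: through 1.01. The record lists fixed versions only for pnGate (1.34), smartLink HW-DP (1.31) and smartLink HW-PN (1.02); no fixed version is listed for epGate or mbGate.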
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
Impacted products
Vendor Product Version
Softing pnGate Affected: 0 , ≤ 1.30 (custom)
Unaffected: 1.34 (custom)
    Softing epGate Affected: 0 , ≤ 1.30 (custom)
    Softing mbGate Affected: 0 , ≤ 1.30 (custom)
    Softing smartLink HW-DP Affected: 0 , ≤ 1.30 (custom)
Unaffected: 1.31 (custom)
    Softing smartLink HW-PN Affected: 0 , ≤ 1.01 (custom)
Unaffected: 1.02 (custom)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-7339",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-27T12:21:13.590182Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-27T12:21:25.031Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "broken-link"
            ],
            "url": "https://industrial.softing.com/fileadmin/psirt/downloads/2023/CVE-2023-7339.html"
          },
          {
            "tags": [
              "broken-link"
            ],
            "url": "https://industrial.softing.com/fileadmin/psirt/downloads/2023/CVE-2023-7339.json"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "pnGate",
          "vendor": "Softing",
          "versions": [
            {
              "lessThanOrEqual": "1.30",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "1.34",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "epGate",
          "vendor": "Softing",
          "versions": [
            {
              "lessThanOrEqual": "1.30",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "mbGate",
          "vendor": "Softing",
          "versions": [
            {
              "lessThanOrEqual": "1.30",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "smartLink HW-DP",
          "vendor": "Softing",
          "versions": [
            {
              "lessThanOrEqual": "1.30",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "1.31",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "smartLink HW-PN",
          "vendor": "Softing",
          "versions": [
            {
              "lessThanOrEqual": "1.01",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "1.02",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:softing:pngate:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "1.30",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:softing:pngate:1.34:*:*:*:*:*:*:*",
                  "vulnerable": false
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:softing:epgate:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "1.30",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:softing:mbgate:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "1.30",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:softing:smartlink_hw-dp:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "1.30",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:softing:smartlink_hw-dp:1.31:*:*:*:*:*:*:*",
                  "vulnerable": false
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:softing:smartlink_hw-pn:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "1.01",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:softing:smartlink_hw-pn:1.02:*:*:*:*:*:*:*",
                  "vulnerable": false
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eStack-based buffer overflow vulnerability in Softing Industrial Automation GmbH gateways allows overflow buffers.\u003cbr\u003eThis issue affects\u003cbr\u003epnGate: through 1.30\u003cbr\u003eepGate: through 1.30\u003cbr\u003embGate: through 1.30\u003cbr\u003esmartLink HW-DP: through 1.30\u003cbr\u003esmartLink HW-PN: through 1.01.\u003c/p\u003e"
            }
          ],
          "value": "Stack-based buffer overflow vulnerability in Softing Industrial Automation GmbH gateways allows overflow buffers.\nThis issue affects\npnGate: through 1.30\nepGate: through 1.30\nmbGate: through 1.30\nsmartLink HW-DP: through 1.30\nsmartLink HW-PN: through 1.01."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-27T10:53:07.778Z",
        "orgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
        "shortName": "Softing"
      },
      "references": [
        {
          "tags": [
            "x_html"
          ],
          "url": "https://industrial.softing.com/fileadmin/psirt/downloads/2023/CVE-2023-7339.html"
        },
        {
          "tags": [
            "x_json"
          ],
          "url": "https://industrial.softing.com/fileadmin/psirt/downloads/2023/CVE-2023-7339.json"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003epnGate: fixed with 1.34\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "pnGate: fixed with 1.34"
        },
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "smartLink HW-DP: fixed with 1.31\u003cbr\u003esmartLink HW-PN: fixed with 1.02"
            }
          ],
          "value": "smartLink HW-DP: fixed with 1.31\nsmartLink HW-PN: fixed with 1.02"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Data collection for dowloading leads into buffer overflow",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
    "assignerShortName": "Softing",
    "cveId": "CVE-2023-7339",
    "datePublished": "2026-03-27T10:53:07.778Z",
    "dateReserved": "2026-03-27T10:08:58.402Z",
    "dateUpdated": "2026-03-27T12:21:25.031Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-14028 (GCVE-0-2024-14028)

Vulnerability from cvelistv5 – Published: 2026-03-27 05:53 – Updated: 2026-03-27 13:45
Title
Multiple implicit reads in parallel can result in a crash or denial of service
Summary
Use-after-free vulnerability in the Softing smartLink HW-DP or smartLink HW-PN webserver allows HTTP DoS. This issue affects smartLink HW-DP: through 1.31; smartLink HW-PN: before 1.02.
CWE
  • CWE-416 - Use after free
Assigner
Impacted products
Vendor Product Version
Softing smartLink HW-DP Affected: 0 , ≤ 1.31 (custom)
Unaffected: 1.32 (custom)
    Softing smartLink HW-PN Affected: 0 , < 1.02 (custom)
Unaffected: 1.02 (custom)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-14028",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-27T13:39:03.488317Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-27T13:45:30.144Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "webserver"
          ],
          "product": "smartLink HW-DP",
          "vendor": "Softing",
          "versions": [
            {
              "lessThanOrEqual": "1.31",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "1.32",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "webserver"
          ],
          "product": "smartLink HW-PN",
          "vendor": "Softing",
          "versions": [
            {
              "lessThan": "1.02",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "1.02",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:softing:smartlink_hw-dp:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "1.31",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:softing:smartlink_hw-dp:1.32:*:*:*:*:*:*:*",
                  "vulnerable": false
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:softing:smartlink_hw-pn:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.02",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:softing:smartlink_hw-pn:1.02:*:*:*:*:*:*:*",
                  "vulnerable": false
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eUse after free vulnerability in Softing smartLink HW-DP or smartLink HW-PN webserver allows HTTP DoS.\u003cbr\u003eThis issue affects:\u003cbr\u003esmartLink HW-DP: through 1.31\u003cbr\u003esmartLink HW-PN: before 1.02.\u003c/p\u003e"
            }
          ],
          "value": "Use after free vulnerability in Softing smartLink HW-DP or smartLink HW-PN webserver allows HTTP DoS.\nThis issue affects:\nsmartLink HW-DP: through 1.31\nsmartLink HW-PN: before 1.02."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-469",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-469 HTTP DoS"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use after free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-27T05:53:40.991Z",
        "orgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
        "shortName": "Softing"
      },
      "references": [
        {
          "url": "https://industrial.softing.com/fileadmin/psirt/downloads/2024/CVE-2024-14028.html"
        },
        {
          "url": "https://industrial.softing.com/fileadmin/psirt/downloads/2024/CVE-2024-14028.json"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eUpdate firmware for\u003cbr\u003esmartLink HW-DP: to 1.32\u003cbr\u003esmartLink HW-PN: to 1.02.\u003c/p\u003e"
            }
          ],
          "value": "Update firmware for\nsmartLink HW-DP: to 1.32\nsmartLink HW-PN: to 1.02."
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Multiple implicit reads in parallel can result in a crash or denial of service",
      "x_generator": {
        "engine": "Vulnogram 1.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
    "assignerShortName": "Softing",
    "cveId": "CVE-2024-14028",
    "datePublished": "2026-03-27T05:53:40.991Z",
    "dateReserved": "2026-03-23T15:31:51.510Z",
    "dateUpdated": "2026-03-27T13:45:30.144Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-13406 (GCVE-0-2025-13406)

Vulnerability from cvelistv5 – Published: 2026-03-17 14:32 – Updated: 2026-03-27 08:09
Title
Scanning for higher HART revision device leads into NULL pointer dereference in live list
Summary
NULL pointer dereference vulnerability in Softing Industrial Automation GmbH smartLink SW-HT (Webserver modules) allows HTTP DoS. This issue affects smartLink SW-HT: 1.43.
CWE
  • CWE-476 - NULL Pointer Dereference
Assigner
Impacted products
Vendor Product Version
Softing smartLink SW-HT Affected: 1.43 (custom)
Unaffected: 1.43.1 (custom)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-13406",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-17T14:49:34.753139Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-17T14:50:30.323Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Webserver"
          ],
          "product": "smartLink SW-HT",
          "vendor": "Softing",
          "versions": [
            {
              "status": "affected",
              "version": "1.43",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "1.43.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:softing:smartlink_sw-ht:1.43:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:softing:smartlink_sw-ht:1.43.1:*:*:*:*:*:*:*",
                  "vulnerable": false
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "NULL Pointer Dereference vulnerability in Softing Industrial Automation GmbH smartLink SW-HT (Webserver modules) allows HTTP DoS.\u003cp\u003eThis issue affects smartLink SW-HT: 1.43.\u003c/p\u003e"
            }
          ],
          "value": "NULL Pointer Dereference vulnerability in Softing Industrial Automation GmbH smartLink SW-HT (Webserver modules) allows HTTP DoS.This issue affects smartLink SW-HT: 1.43."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-469",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-469 HTTP DoS"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "AUTOMATIC",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "HIGH",
            "providerUrgency": "RED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/AU:Y/R:A/RE:L/U:Red",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "LOW"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-27T08:09:49.360Z",
        "orgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
        "shortName": "Softing"
      },
      "references": [
        {
          "url": "https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-13406.html"
        },
        {
          "url": "https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-13406.json"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eUpdate smartLink SW-HT to patch V1.43.1 firmware.\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Update smartLink SW-HT to patch V1.43.1 firmware."
        }
      ],
      "source": {
        "discovery": "USER"
      },
      "title": "Scanning for higher HART revision device leads into NULL pointer dereference in live list",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
    "assignerShortName": "Softing",
    "cveId": "CVE-2025-13406",
    "datePublished": "2026-03-17T14:32:21.500Z",
    "dateReserved": "2025-11-19T14:07:24.595Z",
    "dateUpdated": "2026-03-27T08:09:49.360Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-10461 (GCVE-0-2025-10461)

Vulnerability from cvelistv5 – Published: 2026-03-16 13:27 – Updated: 2026-03-27 08:13
Title
Global file reads caused by improper URL checks in webserver
Summary
Global file reads caused by improper URL checks in the webserver of Softing Industrial Automation GmbH smartLinks on Docker (filesystem modules) allow file access. This issue affects smartLink SW-HT: through 1.42; smartLink SW-PN: through 1.03.
CWE
  • CWE-20 - Improper Input Validation
Assigner
Impacted products
Vendor Product Version
Softing smartLink SW-HT Affected: 0 , ≤ 1.42 (custom)
Unaffected: 1.43 (custom)
    Softing smartLink SW-PN Affected: 0 , ≤ 1.03 (custom)
Unaffected: 1.04
Credits
OpenVAS

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-10461",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-16T14:27:44.548413Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-16T14:27:51.874Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "filesystem"
          ],
          "product": "smartLink SW-HT",
          "vendor": "Softing",
          "versions": [
            {
              "lessThanOrEqual": "1.42",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "1.43",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "filesystem"
          ],
          "product": "smartLink SW-PN",
          "vendor": "Softing",
          "versions": [
            {
              "lessThanOrEqual": "1.03",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "1.04"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:softing:smartlink_sw-ht:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "1.42",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:softing:smartlink_sw-ht:1.43:*:*:*:*:*:*:*",
                  "vulnerable": false
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:softing:smartlink_sw-pn:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "1.03",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:softing:smartlink_sw-pn:1.04:*:*:*:*:*:*:*",
                  "vulnerable": false
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "tool",
          "value": "OpenVAS"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Global file reads caused by improper URL checks in webserver in Softing Industrial Automation GmbH smartLinks on docker (filesystem modules) allows file access.\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003eThis issue affects\u003c/p\u003e\u003cp\u003esmartLink SW-HT: through 1.42\u003c/p\u003e\u003cp\u003esmartLink SW-PN: through 1.03.\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "Global file reads caused by improper URL checks in webserver in Softing Industrial Automation GmbH smartLinks on docker (filesystem modules) allows file access.\n\n\n\nThis issue affects\n\nsmartLink SW-HT: through 1.42\n\nsmartLink SW-PN: through 1.03."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-497",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-497 File Discovery"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "AUTOMATIC",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "GREEN",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/AU:Y/R:A/RE:L/U:Green",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "LOW"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-27T08:13:41.200Z",
        "orgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
        "shortName": "Softing"
      },
      "references": [
        {
          "url": "https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10461.html"
        },
        {
          "url": "https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10461.json"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThis issue is fixed in\u003c/p\u003e\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003esmartLink SW-HT: 1.43\u003c/p\u003esmartLink SW-PN: 1.04\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "This issue is fixed in\n\n\n\n\n\nsmartLink SW-HT: 1.43\n\nsmartLink SW-PN: 1.04"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Global file reads caused by improper URL checks in webserver",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
    "assignerShortName": "Softing",
    "cveId": "CVE-2025-10461",
    "datePublished": "2026-03-16T13:27:21.381Z",
    "dateReserved": "2025-09-15T05:57:59.903Z",
    "dateUpdated": "2026-03-27T08:13:41.200Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-10685 (GCVE-0-2025-10685)

Vulnerability from cvelistv5 – Published: 2026-03-16 13:14 – Updated: 2026-03-27 08:12
Title
HTTP POST with specific higher content length leads into heap corruption
Summary
Heap-based buffer overflow vulnerability in Softing Industrial Automation GmbH smartLink SW-PN and smartLink SW-HT (Webserver modules) allows overflow buffers. This issue affects: smartLink SW-PN: through 1.03; smartLink SW-HT: through 1.42.
CWE
  • CWE-122 - Heap-based Buffer Overflow
Assigner
Impacted products
Vendor Product Version
Softing smartLink SW-PN Affected: 0 , ≤ 1.03 (custom)
Unaffected: 1.04 (custom)
    Softing smartLink SW-HT Affected: 0 , ≤ 1.42 (custom)
Unaffected: 1.43 (custom)
Credits
Frank Renner

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-10685",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-16T14:41:54.340261Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-16T14:41:59.763Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Webserver"
          ],
          "product": "smartLink SW-PN",
          "vendor": "Softing",
          "versions": [
            {
              "lessThanOrEqual": "1.03",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "1.04",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Webserver"
          ],
          "product": "smartLink SW-HT",
          "vendor": "Softing",
          "versions": [
            {
              "lessThanOrEqual": "1.42",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "1.43",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:softing:smartlink_sw-pn:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "1.03",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:softing:smartlink_sw-pn:1.04:*:*:*:*:*:*:*",
                  "vulnerable": false
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:softing:smartlink_sw-ht:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "1.42",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:softing:smartlink_sw-ht:1.43:*:*:*:*:*:*:*",
                  "vulnerable": false
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Frank Renner"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Heap-based buffer overflow vulnerability in Softing Industrial Automation GmbH smartLink SW-PN and smartLink SW-HT (Webserver modules) allows overflow buffers.\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003esmartLink SW-PN: through 1.03\u003c/p\u003e\u003cp\u003esmartLink SW-HT: through 1.42\u003c/p\u003e"
            }
          ],
          "value": "Heap-based buffer overflow vulnerability in Softing Industrial Automation GmbH smartLink SW-PN and smartLink SW-HT (Webserver modules) allows overflow buffers.This issue affects:\n\nsmartLink SW-PN: through 1.03\n\nsmartLink SW-HT: through 1.42"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "AUTOMATIC",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "exploitMaturity": "UNREPORTED",
            "privilegesRequired": "NONE",
            "providerUrgency": "RED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/AU:Y/R:A/RE:L/U:Red",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "LOW"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122 Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-27T08:12:30.109Z",
        "orgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
        "shortName": "Softing"
      },
      "references": [
        {
          "url": "https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10685.html"
        },
        {
          "url": "https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10685.json"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eUpdate firmware for\u003c/p\u003e\u003cp\u003esmartLink SW-PN: to 1.04\u003c/p\u003e\u003cp\u003esmartLink SW-HT: to 1.43\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Update firmware for\n\nsmartLink SW-PN: to 1.04\n\nsmartLink SW-HT: to 1.43"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "HTTP POST with specific higher content length leads into heap corruption",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
    "assignerShortName": "Softing",
    "cveId": "CVE-2025-10685",
    "datePublished": "2026-03-16T13:14:49.030Z",
    "dateReserved": "2025-09-18T12:45:55.230Z",
    "dateUpdated": "2026-03-27T08:12:30.109Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-10151 (GCVE-0-2025-10151)

Vulnerability from cvelistv5 – Published: 2025-10-28 07:25 – Updated: 2025-10-28 13:27
Title
Malicious TCP/IP thread locking leads into diverse malfunctions
Summary
Improper locking vulnerability in Softing Industrial Automation GmbH gateways allows infected memory and/or resource leak exposure. This issue affects smartLink HW-PN: from 1.02 through 1.03; smartLink HW-DP: 1.31.
CWE
Assigner

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-10151",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-28T13:23:50.979355Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-28T13:27:14.343Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "smartLink HW-PN",
          "vendor": "Softing Industrial Automation GmbH",
          "versions": [
            {
              "lessThanOrEqual": "1.03",
              "status": "affected",
              "version": "1.02",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "smartLink HW-DP",
          "vendor": "Softing Industrial Automation GmbH",
          "versions": [
            {
              "lessThanOrEqual": "1.31",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper locking vulnerability in Softing Industrial Automation GmbH gateways allows infected memory and/or resource leak exposure.\u003cp\u003eThis issue affects\u003c/p\u003e\u003cp\u003esmartLink HW-PN: from 1.02 through 1.03\u003c/p\u003e\u003cp\u003esmartLink HW-DP: 1.31\u003c/p\u003e"
            }
          ],
          "value": "Improper locking vulnerability in Softing Industrial Automation GmbH gateways allows infected memory and/or resource leak exposure.This issue affects\n\nsmartLink HW-PN: from 1.02 through 1.03\n\nsmartLink HW-DP: 1.31"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-456",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-456 Infected Memory"
            }
          ]
        },
        {
          "capecId": "CAPEC-131",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-131 Resource Leak Exposure"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L/AU:Y/R:U/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-667",
              "description": "CWE-667 Improper Locking",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-28T07:25:39.639Z",
        "orgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
        "shortName": "Softing"
      },
      "references": [
        {
          "tags": [
            "x_html"
          ],
          "url": "https://https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10151.html"
        },
        {
          "tags": [
            "x_json"
          ],
          "url": "https://https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10151.json"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThis issue is fixed in\u003c/p\u003e\u003cp\u003esmartLink HW-PN: 1.04\u003c/p\u003e\u003cp\u003esmartLink HW-DP: 1.32\u003c/p\u003e"
            }
          ],
          "value": "This issue is fixed in\n\nsmartLink HW-PN: 1.04\n\nsmartLink HW-DP: 1.32"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Malicious TCP/IP thread locking leads into diverse malfunctions",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
    "assignerShortName": "Softing",
    "cveId": "CVE-2025-10151",
    "datePublished": "2025-10-28T07:25:39.639Z",
    "dateReserved": "2025-09-09T07:27:10.152Z",
    "dateUpdated": "2025-10-28T13:27:14.343Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-10150 (GCVE-0-2025-10150)

Vulnerability from cvelistv5 – Published: 2025-10-28 07:24 – Updated: 2025-10-28 13:28
Title
Webserver crash caused by scanning on TCP port 80
Summary
Webserver crash caused by scanning on TCP port 80 in Softing Industrial Automation GmbH gateways and switch. This issue affects smartLink HW-PN: from 1.02 through 1.03; smartLink HW-DP: 1.31.
CWE
Assigner

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-10150",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-28T13:27:44.147539Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-28T13:28:01.850Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "smartLink HW-PN",
          "vendor": "Softing Industrial Automation GmbH",
          "versions": [
            {
              "lessThanOrEqual": "1.03",
              "status": "affected",
              "version": "1.02",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "smartLink HW-DP",
          "vendor": "Softing Industrial Automation GmbH",
          "versions": [
            {
              "lessThanOrEqual": "1.31",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:softing_industrial_automation_gmbh:smartlink_hw-pn:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "1.03",
                  "versionStartIncluding": "1.02",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:softing_industrial_automation_gmbh:smartlink_hw-dp:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "1.31",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Webserver crash caused by scanning on TCP port 80 in Softing Industrial Automation GmbH gateways and switch.\u003cp\u003eThis issue affects\u003c/p\u003e\u003cp\u003esmartLink HW-PN: from 1.02 through 1.03\u003c/p\u003e\u003cp\u003esmartLink HW-DP: 1.31\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "Webserver crash caused by scanning on TCP port 80 in Softing Industrial Automation GmbH gateways and switch.This issue affects\n\nsmartLink HW-PN: from 1.02 through 1.03\n\nsmartLink HW-DP: 1.31"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-25",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-25 Forced Deadlock"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:U/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-833",
              "description": "CWE-833: Deadlock",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-28T07:24:38.296Z",
        "orgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
        "shortName": "Softing"
      },
      "references": [
        {
          "tags": [
            "x_html"
          ],
          "url": "https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10150.html"
        },
        {
          "tags": [
            "x_json"
          ],
          "url": "https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10150.json"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThis issue is fixed in\u003c/p\u003e\u003cp\u003esmartLink HW-PN: 1.04\u003c/p\u003e\u003cp\u003esmartLink HW-DP: 1.32\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "This issue is fixed in\n\nsmartLink HW-PN: 1.04\n\nsmartLink HW-DP: 1.32"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Webserver crash caused by scanning on TCP port 80",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
    "assignerShortName": "Softing",
    "cveId": "CVE-2025-10150",
    "datePublished": "2025-10-28T07:24:38.296Z",
    "dateReserved": "2025-09-09T07:27:03.262Z",
    "dateUpdated": "2025-10-28T13:28:01.850Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-7390 (GCVE-0-2025-7390)

Vulnerability from cvelistv5 – Published: 2025-08-21 06:08 – Updated: 2026-03-27 08:36
Title
Bypass the client certificate trust check of an opc.https server while only secure communication is allowed
Summary
A malicious client can bypass the client certificate trust check of an opc.https server when the server endpoint is configured to allow only secure communication.
CWE
  • CWE-295 - Improper Certificate Validation
Assigner
Impacted products
Vendor Product Version
Softing OPC UA C++ SDK Affected: 6.40 , ≤ 6.80 (custom)
Unaffected: 6.80.1 (custom)
    Softing edgeConnector Affected: 0 , ≤ 2025.03 (custom)
Unaffected: SDEX Suite V1.0 (custom)
    Softing edgeAggregator Affected: 0 , ≤ 2025.03 (custom)
Unaffected: SDEX Suite V1.0 (custom)
Date Public ?
2025-08-14 06:37

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-7390",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-21T13:51:51.306799Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-21T13:53:15.381Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://industrial.softing.com/products/opc-ua-and-opc-classic-sdks/opc-ua-c-sdks-for-windows.html",
          "defaultStatus": "unaffected",
          "modules": [
            "opc.https server"
          ],
          "platforms": [
            "Windows",
            "Linux",
            "VxWorks"
          ],
          "product": "OPC UA C++ SDK",
          "vendor": "Softing",
          "versions": [
            {
              "lessThanOrEqual": "6.80",
              "status": "affected",
              "version": "6.40",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "6.80.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "collectionURL": "https://industrial.softing.com/de/produkte/docker-container/edgeconnector.html",
          "defaultStatus": "affected",
          "platforms": [
            "Linux"
          ],
          "product": "edgeConnector",
          "vendor": "Softing",
          "versions": [
            {
              "lessThanOrEqual": "2025.03",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "SDEX Suite V1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "collectionURL": "https://industrial.softing.com/de/produkte/docker-container/edgeaggregator.html",
          "defaultStatus": "affected",
          "platforms": [
            "Linux"
          ],
          "product": "edgeAggregator",
          "vendor": "Softing",
          "versions": [
            {
              "lessThanOrEqual": "2025.03",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "SDEX Suite V1.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:softing:opc_ua_c_sdk:*:*:windows:*:*:*:*:*",
                  "versionEndIncluding": "6.80",
                  "versionStartIncluding": "6.40",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:softing:opc_ua_c_sdk:*:*:linux:*:*:*:*:*",
                  "versionEndIncluding": "6.80",
                  "versionStartIncluding": "6.40",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:softing:opc_ua_c_sdk:*:*:vxworks:*:*:*:*:*",
                  "versionEndIncluding": "6.80",
                  "versionStartIncluding": "6.40",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:softing:opc_ua_c_sdk:6.80.1:*:windows:*:*:*:*:*",
                  "vulnerable": false
                },
                {
                  "criteria": "cpe:2.3:a:softing:opc_ua_c_sdk:6.80.1:*:linux:*:*:*:*:*",
                  "vulnerable": false
                },
                {
                  "criteria": "cpe:2.3:a:softing:opc_ua_c_sdk:6.80.1:*:vxworks:*:*:*:*:*",
                  "vulnerable": false
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:softing:edgeconnector:*:*:linux:*:*:*:*:*",
                  "versionEndIncluding": "2025.03",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:softing:edgeconnector:sdex_suite_v1.0:*:linux:*:*:*:*:*",
                  "vulnerable": false
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:softing:edgeaggregator:*:*:linux:*:*:*:*:*",
                  "versionEndIncluding": "2025.03",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:softing:edgeaggregator:sdex_suite_v1.0:*:linux:*:*:*:*:*",
                  "vulnerable": false
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "datePublic": "2025-08-14T06:37:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A malicious client can bypass the client certificate trust check of an opc.https server when the server endpoint is configured to allow only secure communication."
            }
          ],
          "value": "A malicious client can bypass the client certificate trust check of an opc.https server when the server endpoint is configured to allow only secure communication."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "CWE-295 Improper Certificate Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-27T08:36:30.497Z",
        "orgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
        "shortName": "Softing"
      },
      "references": [
        {
          "url": "https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-7390.html"
        },
        {
          "url": "https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-7390.json"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "OPC UA C++ SDK V6.80.1 Service-Patch\u003cbr\u003e"
            }
          ],
          "value": "OPC UA C++ SDK V6.80.1 Service-Patch"
        },
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "edgeAggregator \u0026amp; edgeConnector are now integrated in SDEX Suite: fix with V1.0"
            }
          ],
          "value": "edgeAggregator \u0026 edgeConnector are now integrated in SDEX Suite: fix with V1.0"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Bypass the client certificate trust check of an opc.https server while only secure communication is allowed",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
    "assignerShortName": "Softing",
    "cveId": "CVE-2025-7390",
    "datePublished": "2025-08-21T06:08:00.210Z",
    "dateReserved": "2025-07-09T13:09:38.988Z",
    "dateUpdated": "2026-03-27T08:36:30.497Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}