Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
96 vulnerabilities by Softing
CVE-2023-7339 (GCVE-0-2023-7339)
Vulnerability from nvd – Published: 2026-03-27 10:53 – Updated: 2026-03-27 12:21
VLAI
EPSS
VEX
Title
Data collection for dowloading leads into buffer overflow
Summary
Stack-based buffer overflow vulnerability in Softing Industrial Automation GmbH gateways allows overflow buffers.
This issue affects
pnGate: through 1.30
epGate: through 1.30
mbGate: through 1.30
smartLink HW-DP: through 1.30
smartLink HW-PN: through 1.01.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
2 references
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Softing | pnGate |
Affected:
0 , ≤ 1.30
(custom)
Unaffected: 1.34 (custom) |
|
| Softing | epGate |
Affected:
0 , ≤ 1.30
(custom)
|
|
| Softing | mbGate |
Affected:
0 , ≤ 1.30
(custom)
|
|
| Softing | smartLink HW-DP |
Affected:
0 , ≤ 1.30
(custom)
Unaffected: 1.31 (custom) |
|
| Softing | smartLink HW-PN |
Affected:
0 , ≤ 1.01
(custom)
Unaffected: 1.02 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-7339",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-27T12:21:13.590182Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T12:21:25.031Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"broken-link"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/2023/CVE-2023-7339.html"
},
{
"tags": [
"broken-link"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/2023/CVE-2023-7339.json"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "pnGate",
"vendor": "Softing",
"versions": [
{
"lessThanOrEqual": "1.30",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.34",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "epGate",
"vendor": "Softing",
"versions": [
{
"lessThanOrEqual": "1.30",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "mbGate",
"vendor": "Softing",
"versions": [
{
"lessThanOrEqual": "1.30",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "smartLink HW-DP",
"vendor": "Softing",
"versions": [
{
"lessThanOrEqual": "1.30",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.31",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "smartLink HW-PN",
"vendor": "Softing",
"versions": [
{
"lessThanOrEqual": "1.01",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.02",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:pngate:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.30",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:pngate:1.34:*:*:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:epgate:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.30",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:mbgate:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.30",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:smartlink_hw-dp:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.30",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:smartlink_hw-dp:1.31:*:*:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:smartlink_hw-pn:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.01",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:smartlink_hw-pn:1.02:*:*:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eStack-based buffer overflow vulnerability in Softing Industrial Automation GmbH gateways allows overflow buffers.\u003cbr\u003eThis issue affects\u003cbr\u003epnGate: through 1.30\u003cbr\u003eepGate: through 1.30\u003cbr\u003embGate: through 1.30\u003cbr\u003esmartLink HW-DP: through 1.30\u003cbr\u003esmartLink HW-PN: through 1.01.\u003c/p\u003e"
}
],
"value": "Stack-based buffer overflow vulnerability in Softing Industrial Automation GmbH gateways allows overflow buffers.\nThis issue affects\npnGate: through 1.30\nepGate: through 1.30\nmbGate: through 1.30\nsmartLink HW-DP: through 1.30\nsmartLink HW-PN: through 1.01."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T10:53:07.778Z",
"orgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
"shortName": "Softing"
},
"references": [
{
"tags": [
"x_html"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/2023/CVE-2023-7339.html"
},
{
"tags": [
"x_json"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/2023/CVE-2023-7339.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003epnGate: fixed with 1.34\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "pnGate: fixed with 1.34"
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "smartLink HW-DP: fixed with 1.31\u003cbr\u003esmartLink HW-PN: fixed with 1.02"
}
],
"value": "smartLink HW-DP: fixed with 1.31\nsmartLink HW-PN: fixed with 1.02"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Data collection for dowloading leads into buffer overflow",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
"assignerShortName": "Softing",
"cveId": "CVE-2023-7339",
"datePublished": "2026-03-27T10:53:07.778Z",
"dateReserved": "2026-03-27T10:08:58.402Z",
"dateUpdated": "2026-03-27T12:21:25.031Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-14028 (GCVE-0-2024-14028)
Vulnerability from nvd – Published: 2026-03-27 05:53 – Updated: 2026-03-27 13:45
VLAI
EPSS
VEX
Title
Multiple implicit reads in parallel can result in a crash or denial of service
Summary
Use after free vulnerability in Softing smartLink HW-DP or smartLink HW-PN webserver allows HTTP DoS.
This issue affects:
smartLink HW-DP: through 1.31
smartLink HW-PN: before 1.02.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-416 - Use after free
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Softing | smartLink HW-DP |
Affected:
0 , ≤ 1.31
(custom)
Unaffected: 1.32 (custom) |
|
| Softing | smartLink HW-PN |
Affected:
0 , < 1.02
(custom)
Unaffected: 1.02 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-14028",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-27T13:39:03.488317Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T13:45:30.144Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"webserver"
],
"product": "smartLink HW-DP",
"vendor": "Softing",
"versions": [
{
"lessThanOrEqual": "1.31",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.32",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"webserver"
],
"product": "smartLink HW-PN",
"vendor": "Softing",
"versions": [
{
"lessThan": "1.02",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.02",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:smartlink_hw-dp:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.31",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:smartlink_hw-dp:1.32:*:*:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:smartlink_hw-pn:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.02",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:smartlink_hw-pn:1.02:*:*:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUse after free vulnerability in Softing smartLink HW-DP or smartLink HW-PN webserver allows HTTP DoS.\u003cbr\u003eThis issue affects:\u003cbr\u003esmartLink HW-DP: through 1.31\u003cbr\u003esmartLink HW-PN: before 1.02.\u003c/p\u003e"
}
],
"value": "Use after free vulnerability in Softing smartLink HW-DP or smartLink HW-PN webserver allows HTTP DoS.\nThis issue affects:\nsmartLink HW-DP: through 1.31\nsmartLink HW-PN: before 1.02."
}
],
"impacts": [
{
"capecId": "CAPEC-469",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-469 HTTP DoS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use after free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T05:53:40.991Z",
"orgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
"shortName": "Softing"
},
"references": [
{
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/2024/CVE-2024-14028.html"
},
{
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/2024/CVE-2024-14028.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate firmware for\u003cbr\u003esmartLink HW-DP: to 1.32\u003cbr\u003esmartLink HW-PN: to 1.02.\u003c/p\u003e"
}
],
"value": "Update firmware for\nsmartLink HW-DP: to 1.32\nsmartLink HW-PN: to 1.02."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Multiple implicit reads in parallel can result in a crash or denial of service",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
"assignerShortName": "Softing",
"cveId": "CVE-2024-14028",
"datePublished": "2026-03-27T05:53:40.991Z",
"dateReserved": "2026-03-23T15:31:51.510Z",
"dateUpdated": "2026-03-27T13:45:30.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13406 (GCVE-0-2025-13406)
Vulnerability from nvd – Published: 2026-03-17 14:32 – Updated: 2026-03-27 08:09
VLAI
EPSS
VEX
Title
Scanning for higher HART revision device leads into NULL pointer dereference in live list
Summary
NULL Pointer Dereference vulnerability in Softing Industrial Automation GmbH smartLink SW-HT (Webserver modules) allows HTTP DoS.This issue affects smartLink SW-HT: 1.43.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Softing | smartLink SW-HT |
Affected:
1.43
(custom)
Unaffected: 1.43.1 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13406",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-17T14:49:34.753139Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-17T14:50:30.323Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Webserver"
],
"product": "smartLink SW-HT",
"vendor": "Softing",
"versions": [
{
"status": "affected",
"version": "1.43",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.43.1",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:smartlink_sw-ht:1.43:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:smartlink_sw-ht:1.43.1:*:*:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "NULL Pointer Dereference vulnerability in Softing Industrial Automation GmbH smartLink SW-HT (Webserver modules) allows HTTP DoS.\u003cp\u003eThis issue affects smartLink SW-HT: 1.43.\u003c/p\u003e"
}
],
"value": "NULL Pointer Dereference vulnerability in Softing Industrial Automation GmbH smartLink SW-HT (Webserver modules) allows HTTP DoS.This issue affects smartLink SW-HT: 1.43."
}
],
"impacts": [
{
"capecId": "CAPEC-469",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-469 HTTP DoS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "RED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/AU:Y/R:A/RE:L/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T08:09:49.360Z",
"orgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
"shortName": "Softing"
},
"references": [
{
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-13406.html"
},
{
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-13406.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate smartLink SW-HT to patch V1.43.1 firmware.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Update smartLink SW-HT to patch V1.43.1 firmware."
}
],
"source": {
"discovery": "USER"
},
"title": "Scanning for higher HART revision device leads into NULL pointer dereference in live list",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
"assignerShortName": "Softing",
"cveId": "CVE-2025-13406",
"datePublished": "2026-03-17T14:32:21.500Z",
"dateReserved": "2025-11-19T14:07:24.595Z",
"dateUpdated": "2026-03-27T08:09:49.360Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-10685 (GCVE-0-2025-10685)
Vulnerability from nvd – Published: 2026-03-16 13:14 – Updated: 2026-03-27 08:12
VLAI
EPSS
VEX
Title
HTTP POST with specific higher content length leads into heap corruption
Summary
Heap-based buffer overflow vulnerability in Softing Industrial Automation GmbH smartLink SW-PN and smartLink SW-HT (Webserver modules) allows overflow buffers.This issue affects:
smartLink SW-PN: through 1.03
smartLink SW-HT: through 1.42
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Softing | smartLink SW-PN |
Affected:
0 , ≤ 1.03
(custom)
Unaffected: 1.04 (custom) |
|
| Softing | smartLink SW-HT |
Affected:
0 , ≤ 1.42
(custom)
Unaffected: 1.43 (custom) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10685",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-16T14:41:54.340261Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-16T14:41:59.763Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Webserver"
],
"product": "smartLink SW-PN",
"vendor": "Softing",
"versions": [
{
"lessThanOrEqual": "1.03",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.04",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Webserver"
],
"product": "smartLink SW-HT",
"vendor": "Softing",
"versions": [
{
"lessThanOrEqual": "1.42",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.43",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:smartlink_sw-pn:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.03",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:smartlink_sw-pn:1.04:*:*:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:smartlink_sw-ht:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.42",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:smartlink_sw-ht:1.43:*:*:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Frank Renner"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Heap-based buffer overflow vulnerability in Softing Industrial Automation GmbH smartLink SW-PN and smartLink SW-HT (Webserver modules) allows overflow buffers.\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003esmartLink SW-PN: through 1.03\u003c/p\u003e\u003cp\u003esmartLink SW-HT: through 1.42\u003c/p\u003e"
}
],
"value": "Heap-based buffer overflow vulnerability in Softing Industrial Automation GmbH smartLink SW-PN and smartLink SW-HT (Webserver modules) allows overflow buffers.This issue affects:\n\nsmartLink SW-PN: through 1.03\n\nsmartLink SW-HT: through 1.42"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "NONE",
"providerUrgency": "RED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/AU:Y/R:A/RE:L/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T08:12:30.109Z",
"orgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
"shortName": "Softing"
},
"references": [
{
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10685.html"
},
{
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10685.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate firmware for\u003c/p\u003e\u003cp\u003esmartLink SW-PN: to 1.04\u003c/p\u003e\u003cp\u003esmartLink SW-HT: to 1.43\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Update firmware for\n\nsmartLink SW-PN: to 1.04\n\nsmartLink SW-HT: to 1.43"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "HTTP POST with specific higher content length leads into heap corruption",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
"assignerShortName": "Softing",
"cveId": "CVE-2025-10685",
"datePublished": "2026-03-16T13:14:49.030Z",
"dateReserved": "2025-09-18T12:45:55.230Z",
"dateUpdated": "2026-03-27T08:12:30.109Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-10461 (GCVE-0-2025-10461)
Vulnerability from nvd – Published: 2026-03-16 13:27 – Updated: 2026-03-27 08:13
VLAI
EPSS
VEX
Title
Global file reads caused by improper URL checks in webserver
Summary
Global file reads caused by improper URL checks in webserver in Softing Industrial Automation GmbH smartLinks on docker (filesystem modules) allows file access.
This issue affects
smartLink SW-HT: through 1.42
smartLink SW-PN: through 1.03.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Softing | smartLink SW-HT |
Affected:
0 , ≤ 1.42
(custom)
Unaffected: 1.43 (custom) |
|
| Softing | smartLink SW-PN |
Affected:
0 , ≤ 1.03
(custom)
Unaffected: 1.04 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10461",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-16T14:27:44.548413Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-16T14:27:51.874Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"filesystem"
],
"product": "smartLink SW-HT",
"vendor": "Softing",
"versions": [
{
"lessThanOrEqual": "1.42",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.43",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"filesystem"
],
"product": "smartLink SW-PN",
"vendor": "Softing",
"versions": [
{
"lessThanOrEqual": "1.03",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.04"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:smartlink_sw-ht:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.42",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:smartlink_sw-ht:1.43:*:*:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:smartlink_sw-pn:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.03",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:smartlink_sw-pn:1.04:*:*:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "tool",
"value": "OpenVAS"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Global file reads caused by improper URL checks in webserver in Softing Industrial Automation GmbH smartLinks on docker (filesystem modules) allows file access.\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003eThis issue affects\u003c/p\u003e\u003cp\u003esmartLink SW-HT: through 1.42\u003c/p\u003e\u003cp\u003esmartLink SW-PN: through 1.03.\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Global file reads caused by improper URL checks in webserver in Softing Industrial Automation GmbH smartLinks on docker (filesystem modules) allows file access.\n\n\n\nThis issue affects\n\nsmartLink SW-HT: through 1.42\n\nsmartLink SW-PN: through 1.03."
}
],
"impacts": [
{
"capecId": "CAPEC-497",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-497 File Discovery"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/AU:Y/R:A/RE:L/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T08:13:41.200Z",
"orgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
"shortName": "Softing"
},
"references": [
{
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10461.html"
},
{
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10461.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThis issue is fixed in\u003c/p\u003e\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003esmartLink SW-HT: 1.43\u003c/p\u003esmartLink SW-PN: 1.04\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "This issue is fixed in\n\n\n\n\n\nsmartLink SW-HT: 1.43\n\nsmartLink SW-PN: 1.04"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Global file reads caused by improper URL checks in webserver",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
"assignerShortName": "Softing",
"cveId": "CVE-2025-10461",
"datePublished": "2026-03-16T13:27:21.381Z",
"dateReserved": "2025-09-15T05:57:59.903Z",
"dateUpdated": "2026-03-27T08:13:41.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-7390 (GCVE-0-2025-7390)
Vulnerability from nvd – Published: 2025-08-21 06:08 – Updated: 2026-03-27 08:36
VLAI
EPSS
VEX
Title
Bypass the client certificate trust check of an opc.https server while only secure communication is allowed
Summary
A malicious client can bypass the client certificate trust check of an opc.https server when the server endpoint is configured to allow only secure communication.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Softing | OPC UA C++ SDK |
Affected:
6.40 , ≤ 6.80
(custom)
Unaffected: 6.80.1 (custom) |
|
| Softing | edgeConnector |
Affected:
0 , ≤ 2025.03
(custom)
Unaffected: SDEX Suite V1.0 (custom) |
|
| Softing | edgeAggregator |
Affected:
0 , ≤ 2025.03
(custom)
Unaffected: SDEX Suite V1.0 (custom) |
Date Public
2025-08-14 06:37
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7390",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-21T13:51:51.306799Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T13:53:15.381Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://industrial.softing.com/products/opc-ua-and-opc-classic-sdks/opc-ua-c-sdks-for-windows.html",
"defaultStatus": "unaffected",
"modules": [
"opc.https server"
],
"platforms": [
"Windows",
"Linux",
"VxWorks"
],
"product": "OPC UA C++ SDK",
"vendor": "Softing",
"versions": [
{
"lessThanOrEqual": "6.80",
"status": "affected",
"version": "6.40",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "6.80.1",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://industrial.softing.com/de/produkte/docker-container/edgeconnector.html",
"defaultStatus": "affected",
"platforms": [
"Linux"
],
"product": "edgeConnector",
"vendor": "Softing",
"versions": [
{
"lessThanOrEqual": "2025.03",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "SDEX Suite V1.0",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://industrial.softing.com/de/produkte/docker-container/edgeaggregator.html",
"defaultStatus": "affected",
"platforms": [
"Linux"
],
"product": "edgeAggregator",
"vendor": "Softing",
"versions": [
{
"lessThanOrEqual": "2025.03",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "SDEX Suite V1.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:opc_ua_c_sdk:*:*:windows:*:*:*:*:*",
"versionEndIncluding": "6.80",
"versionStartIncluding": "6.40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:opc_ua_c_sdk:*:*:linux:*:*:*:*:*",
"versionEndIncluding": "6.80",
"versionStartIncluding": "6.40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:opc_ua_c_sdk:*:*:vxworks:*:*:*:*:*",
"versionEndIncluding": "6.80",
"versionStartIncluding": "6.40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:opc_ua_c_sdk:6.80.1:*:windows:*:*:*:*:*",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:softing:opc_ua_c_sdk:6.80.1:*:linux:*:*:*:*:*",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:softing:opc_ua_c_sdk:6.80.1:*:vxworks:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:edgeconnector:*:*:linux:*:*:*:*:*",
"versionEndIncluding": "2025.03",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:edgeconnector:sdex_suite_v1.0:*:linux:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:edgeaggregator:*:*:linux:*:*:*:*:*",
"versionEndIncluding": "2025.03",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:edgeaggregator:sdex_suite_v1.0:*:linux:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"datePublic": "2025-08-14T06:37:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A malicious client can bypass the client certificate trust check of an opc.https server when the server endpoint is configured to allow only secure communication."
}
],
"value": "A malicious client can bypass the client certificate trust check of an opc.https server when the server endpoint is configured to allow only secure communication."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T08:36:30.497Z",
"orgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
"shortName": "Softing"
},
"references": [
{
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-7390.html"
},
{
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-7390.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "OPC UA C++ SDK V6.80.1 Service-Patch\u003cbr\u003e"
}
],
"value": "OPC UA C++ SDK V6.80.1 Service-Patch"
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "edgeAggregator \u0026amp; edgeConnector are now integrated in SDEX Suite: fix with V1.0"
}
],
"value": "edgeAggregator \u0026 edgeConnector are now integrated in SDEX Suite: fix with V1.0"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Bypass the client certificate trust check of an opc.https server while only secure communication is allowed",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
"assignerShortName": "Softing",
"cveId": "CVE-2025-7390",
"datePublished": "2025-08-21T06:08:00.210Z",
"dateReserved": "2025-07-09T13:09:38.988Z",
"dateUpdated": "2026-03-27T08:36:30.497Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-39482 (GCVE-0-2023-39482)
Vulnerability from nvd – Published: 2024-05-03 02:10 – Updated: 2024-08-02 18:10
VLAI
EPSS
VEX
Title
Softing Secure Integration Server Hardcoded Cryptographic Key Information Disclosure Vulnerability
Summary
Softing Secure Integration Server Hardcoded Cryptographic Key Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within libopcuaclient.so. The issue results from hardcoding crytographic keys within the product. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-20610.
Severity
4.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Softing | Secure Integration Server |
Affected:
1.22.8686
|
Date Public
2023-08-09 18:05
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39482",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-18T13:33:02.875353Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-18T13:33:20.661Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.888Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1064",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1064/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Secure Integration Server",
"vendor": "Softing",
"versions": [
{
"status": "affected",
"version": "1.22.8686"
}
]
}
],
"dateAssigned": "2023-08-02T21:44:31.537Z",
"datePublic": "2023-08-09T18:05:25.885Z",
"descriptions": [
{
"lang": "en",
"value": "Softing Secure Integration Server Hardcoded Cryptographic Key Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within libopcuaclient.so. The issue results from hardcoding crytographic keys within the product. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-20610."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321: Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:10:46.611Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1064",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1064/"
}
],
"source": {
"lang": "en",
"value": "Uri Katz of Claroty Research Team82"
},
"title": "Softing Secure Integration Server Hardcoded Cryptographic Key Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-39482",
"datePublished": "2024-05-03T02:10:46.611Z",
"dateReserved": "2023-08-02T21:37:23.125Z",
"dateUpdated": "2024-08-02T18:10:20.888Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39481 (GCVE-0-2023-39481)
Vulnerability from nvd – Published: 2024-05-03 02:10 – Updated: 2024-08-02 18:10
VLAI
EPSS
VEX
Title
Softing Secure Integration Server Interpretation Conflict Remote Code Execution Vulnerability
Summary
Softing Secure Integration Server Interpretation Conflict Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the web server. The issue results from an inconsistency in URI parsing between NGINX and application code. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20551.
Severity
6.6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-436 - Interpretation Conflict
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Softing | Secure Integration Server |
Affected:
1.22.0.8686
|
|
| softing | secure_integration_server |
Affected:
1.22.0.8686
cpe:2.3:a:softing:secure_integration_server:1.22.0.8686:*:*:*:*:*:*:* |
Date Public
2023-08-09 18:04
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:softing:secure_integration_server:1.22.0.8686:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secure_integration_server",
"vendor": "softing",
"versions": [
{
"status": "affected",
"version": "1.22.0.8686"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39481",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-07T20:36:29.271637Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-07T20:41:58.121Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.884Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1063",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1063/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Secure Integration Server",
"vendor": "Softing",
"versions": [
{
"status": "affected",
"version": "1.22.0.8686"
}
]
}
],
"dateAssigned": "2023-08-02T21:44:31.532Z",
"datePublic": "2023-08-09T18:04:47.064Z",
"descriptions": [
{
"lang": "en",
"value": "Softing Secure Integration Server Interpretation Conflict Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the web server. The issue results from an inconsistency in URI parsing between NGINX and application code. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20551."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-436",
"description": "CWE-436: Interpretation Conflict",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:10:45.801Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1063",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1063/"
}
],
"source": {
"lang": "en",
"value": "Claroty Research - Team82 - Uri Katz, Noam Moshe, Vera Mens, Sharon Brizinov"
},
"title": "Softing Secure Integration Server Interpretation Conflict Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-39481",
"datePublished": "2024-05-03T02:10:45.801Z",
"dateReserved": "2023-08-02T21:37:23.125Z",
"dateUpdated": "2024-08-02T18:10:20.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39480 (GCVE-0-2023-39480)
Vulnerability from nvd – Published: 2024-05-03 02:10 – Updated: 2024-08-02 18:10
VLAI
EPSS
VEX
Title
Softing Secure Integration Server FileDirectory OPC UA Object Arbitrary File Creation Vulnerability
Summary
Softing Secure Integration Server FileDirectory OPC UA Object Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the handling of FileDirectory OPC UA Objects. The issue results from allowing unauthorized access to the filesystem. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20549.
Severity
4.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Softing | Secure Integration Server |
Affected:
1.22.0.8686
|
|
| softing | secure_integration_server |
Affected:
1.22.0.8686
cpe:2.3:a:softing:secure_integration_server:1.22.0.8686:*:*:*:*:*:*:* |
Date Public
2023-08-09 18:04
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:softing:secure_integration_server:1.22.0.8686:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secure_integration_server",
"vendor": "softing",
"versions": [
{
"status": "affected",
"version": "1.22.0.8686"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39480",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T15:29:33.855719Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T15:42:02.808Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.681Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1062",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1062/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Secure Integration Server",
"vendor": "Softing",
"versions": [
{
"status": "affected",
"version": "1.22.0.8686"
}
]
}
],
"dateAssigned": "2023-08-02T21:44:31.526Z",
"datePublic": "2023-08-09T18:04:40.922Z",
"descriptions": [
{
"lang": "en",
"value": "Softing Secure Integration Server FileDirectory OPC UA Object Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the handling of FileDirectory OPC UA Objects. The issue results from allowing unauthorized access to the filesystem. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20549."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552: Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:10:45.099Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1062",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1062/"
}
],
"source": {
"lang": "en",
"value": "Claroty Research - Team82 - Uri Katz, Noam Moshe, Vera Mens, Sharon Brizinov"
},
"title": "Softing Secure Integration Server FileDirectory OPC UA Object Arbitrary File Creation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-39480",
"datePublished": "2024-05-03T02:10:45.099Z",
"dateReserved": "2023-08-02T21:37:23.125Z",
"dateUpdated": "2024-08-02T18:10:20.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39479 (GCVE-0-2023-39479)
Vulnerability from nvd – Published: 2024-05-03 02:10 – Updated: 2024-08-02 18:10
VLAI
EPSS
VEX
Title
Softing Secure Integration Server OPC UA Gateway Directory Creation Vulnerability
Summary
Softing Secure Integration Server OPC UA Gateway Directory Creation Vulnerability. This vulnerability allows remote attackers to create directories on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the handling of FileDirectory OPC UA Objects. The issue results from allowing unauthorized access to the filesystem. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20548.
Severity
6.6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Softing | Secure Integration Server |
Affected:
1.22.0.8686
|
|
| softing | secure_integration_server |
Affected:
1.22.0.8686
cpe:2.3:a:softing:secure_integration_server:-:*:*:*:*:*:*:* |
Date Public
2023-08-09 18:04
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:softing:secure_integration_server:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secure_integration_server",
"vendor": "softing",
"versions": [
{
"status": "affected",
"version": "1.22.0.8686"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39479",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-06T15:40:12.735732Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:27:01.463Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.883Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1061",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1061/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Secure Integration Server",
"vendor": "Softing",
"versions": [
{
"status": "affected",
"version": "1.22.0.8686"
}
]
}
],
"dateAssigned": "2023-08-02T21:44:31.520Z",
"datePublic": "2023-08-09T18:04:34.926Z",
"descriptions": [
{
"lang": "en",
"value": "Softing Secure Integration Server OPC UA Gateway Directory Creation Vulnerability. This vulnerability allows remote attackers to create directories on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the handling of FileDirectory OPC UA Objects. The issue results from allowing unauthorized access to the filesystem. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20548."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552: Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:10:44.345Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1061",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1061/"
}
],
"source": {
"lang": "en",
"value": "Claroty Research - Team82 - Uri Katz, Noam Moshe, Vera Mens, Sharon Brizinov"
},
"title": "Softing Secure Integration Server OPC UA Gateway Directory Creation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-39479",
"datePublished": "2024-05-03T02:10:44.345Z",
"dateReserved": "2023-08-02T21:37:23.125Z",
"dateUpdated": "2024-08-02T18:10:20.883Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39478 (GCVE-0-2023-39478)
Vulnerability from nvd – Published: 2024-05-03 02:10 – Updated: 2024-08-02 18:10
VLAI
EPSS
VEX
Title
Softing Secure Integration Server Exposure of Resource to Wrong Sphere Remote Code Execution Vulnerability
Summary
Softing Secure Integration Server Exposure of Resource to Wrong Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the handling of OPC FileDirectory namespaces. The issue results from the lack of proper validation of user-supplied data before using it to create a server object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20547.
Severity
6.6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Softing | Secure Integration Server |
Affected:
1.22.0.8686
|
|
| softing | secure_integration_server |
Affected:
1.22.0.8686
cpe:2.3:a:softing:secure_integration_server:-:*:*:*:*:*:*:* |
Date Public
2023-08-09 18:04
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:softing:secure_integration_server:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secure_integration_server",
"vendor": "softing",
"versions": [
{
"status": "affected",
"version": "1.22.0.8686"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39478",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-06T19:15:09.515950Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:27:04.877Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.948Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1060",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1060/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Secure Integration Server",
"vendor": "Softing",
"versions": [
{
"status": "affected",
"version": "1.22.0.8686"
}
]
}
],
"dateAssigned": "2023-08-02T21:44:31.515Z",
"datePublic": "2023-08-09T18:04:28.415Z",
"descriptions": [
{
"lang": "en",
"value": "Softing Secure Integration Server Exposure of Resource to Wrong Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the handling of OPC FileDirectory namespaces. The issue results from the lack of proper validation of user-supplied data before using it to create a server object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20547."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668: Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:10:43.636Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1060",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1060/"
}
],
"source": {
"lang": "en",
"value": "Claroty Research - Team82 - Uri Katz, Noam Moshe, Vera Mens, Sharon Brizinov"
},
"title": "Softing Secure Integration Server Exposure of Resource to Wrong Sphere Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-39478",
"datePublished": "2024-05-03T02:10:43.636Z",
"dateReserved": "2023-08-02T21:37:23.124Z",
"dateUpdated": "2024-08-02T18:10:20.948Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38125 (GCVE-0-2023-38125)
Vulnerability from nvd – Published: 2024-05-03 01:59 – Updated: 2024-08-02 17:30
VLAI
EPSS
VEX
Title
Softing edgeAggregator Permissive Cross-domain Policy with Untrusted Domains Remote Code Execution Vulnerability
Summary
Softing edgeAggregator Permissive Cross-domain Policy with Untrusted Domains Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability.
The specific flaw exists within the configuration of the web server. The issue results from the lack of appropriate Content Security Policy headers. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-20542.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-942 - Permissive Cross-domain Policy with Untrusted Domains
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Softing | edgeAggregator |
Affected:
3.40
|
|
| softing | edgeaggregator |
Affected:
3.40
cpe:2.3:a:softing:edgeaggregator:*:*:*:*:*:*:*:* |
Date Public
2023-08-09 18:04
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:softing:edgeaggregator:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edgeaggregator",
"vendor": "softing",
"versions": [
{
"status": "affected",
"version": "3.40"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38125",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-07T19:26:57.744725Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:28:05.381Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:30:14.042Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1059",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1059/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "edgeAggregator",
"vendor": "Softing",
"versions": [
{
"status": "affected",
"version": "3.40"
}
]
}
],
"dateAssigned": "2023-07-12T15:35:25.020Z",
"datePublic": "2023-08-09T18:04:22.098Z",
"descriptions": [
{
"lang": "en",
"value": "Softing edgeAggregator Permissive Cross-domain Policy with Untrusted Domains Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the configuration of the web server. The issue results from the lack of appropriate Content Security Policy headers. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-20542."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942: Permissive Cross-domain Policy with Untrusted Domains",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:59:21.322Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1059",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1059/"
}
],
"source": {
"lang": "en",
"value": "Claroty Research - Team82 - Uri Katz, Noam Moshe, Vera Mens, Sharon Brizinov"
},
"title": "Softing edgeAggregator Permissive Cross-domain Policy with Untrusted Domains Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-38125",
"datePublished": "2024-05-03T01:59:21.322Z",
"dateReserved": "2023-07-12T15:22:20.623Z",
"dateUpdated": "2024-08-02T17:30:14.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27336 (GCVE-0-2023-27336)
Vulnerability from nvd – Published: 2024-05-03 01:55 – Updated: 2024-08-02 12:09
VLAI
EPSS
VEX
Title
Softing edgeConnector Siemens OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability
Summary
Softing edgeConnector Siemens OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing edgeConnector Siemens. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of OPC client certificates. The issue results from dereferencing a NULL pointer. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20508.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Softing | edgeConnector Siemens |
Affected:
3.40
|
|
| softing | edgeconnector |
Affected:
3.40
cpe:2.3:a:softing:edgeconnector:-:*:*:*:*:*:*:* |
Date Public
2023-08-09 18:05
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:softing:edgeconnector:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edgeconnector",
"vendor": "softing",
"versions": [
{
"status": "affected",
"version": "3.40"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27336",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-09T18:08:48.894972Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:24:42.930Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:09:43.421Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1065",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1065/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "edgeConnector Siemens",
"vendor": "Softing",
"versions": [
{
"status": "affected",
"version": "3.40"
}
]
}
],
"dateAssigned": "2023-02-28T18:05:53.960Z",
"datePublic": "2023-08-09T18:05:39.861Z",
"descriptions": [
{
"lang": "en",
"value": "Softing edgeConnector Siemens OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing edgeConnector Siemens. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of OPC client certificates. The issue results from dereferencing a NULL pointer. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20508."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:55:58.472Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1065",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1065/"
}
],
"source": {
"lang": "en",
"value": "Team ECQ"
},
"title": "Softing edgeConnector Siemens OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-27336",
"datePublished": "2024-05-03T01:55:58.472Z",
"dateReserved": "2023-02-28T17:58:45.479Z",
"dateUpdated": "2024-08-02T12:09:43.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27335 (GCVE-0-2023-27335)
Vulnerability from nvd – Published: 2024-05-03 01:55 – Updated: 2024-08-02 12:09
VLAI
EPSS
VEX
Title
Softing edgeAggregator Client Cross-Site Scripting Remote Code Execution Vulnerability
Summary
Softing edgeAggregator Client Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of the input parameters provided to the edgeAggregetor client. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20504.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Softing | edgeAggregator |
Affected:
3.40
|
|
| softing | edgeaggregator |
Affected:
3.4.0
cpe:2.3:a:softing:edgeaggregator:3.4.0:*:*:*:*:*:*:* |
Date Public
2023-08-09 18:04
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:softing:edgeaggregator:3.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edgeaggregator",
"vendor": "softing",
"versions": [
{
"status": "affected",
"version": "3.4.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27335",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T15:59:01.773629Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:24:58.221Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:09:43.030Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1057",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1057/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "edgeAggregator",
"vendor": "Softing",
"versions": [
{
"status": "affected",
"version": "3.40"
}
]
}
],
"dateAssigned": "2023-02-28T18:05:53.954Z",
"datePublic": "2023-08-09T18:04:10.515Z",
"descriptions": [
{
"lang": "en",
"value": "Softing edgeAggregator Client Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of the input parameters provided to the edgeAggregetor client. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20504."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:55:57.666Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1057",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1057/"
}
],
"source": {
"lang": "en",
"value": "Claroty Research - Team82 - Uri Katz, Noam Moshe, Vera Mens, Sharon Brizinov"
},
"title": "Softing edgeAggregator Client Cross-Site Scripting Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-27335",
"datePublished": "2024-05-03T01:55:57.666Z",
"dateReserved": "2023-02-28T17:58:45.479Z",
"dateUpdated": "2024-08-02T12:09:43.030Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27334 (GCVE-0-2023-27334)
Vulnerability from nvd – Published: 2024-05-03 01:55 – Updated: 2024-08-02 12:09
VLAI
EPSS
VEX
Title
Softing edgeConnector Siemens ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability
Summary
Softing edgeConnector Siemens ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing edgeConnector Siemens. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20498.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-400 - Uncontrolled Resource Consumption ('Resource Exhaustion')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
| https://industrial.softing.com/fileadmin/psirt/do… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Softing | edgeConnector Siemens |
Affected:
3.40
|
|
| softing | edgeconnector |
Affected:
3.40
cpe:2.3:a:softing:edgeconnector:-:*:*:*:*:*:*:* |
Date Public
2023-08-09 15:55
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:softing:edgeconnector:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edgeconnector",
"vendor": "softing",
"versions": [
{
"status": "affected",
"version": "3.40"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27334",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T15:55:32.192681Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:24:56.955Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:09:43.393Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1054",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1054/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2023-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "edgeConnector Siemens",
"vendor": "Softing",
"versions": [
{
"status": "affected",
"version": "3.40"
}
]
}
],
"dateAssigned": "2023-02-28T18:05:53.949Z",
"datePublic": "2023-08-09T15:55:45.687Z",
"descriptions": [
{
"lang": "en",
"value": "Softing edgeConnector Siemens ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing edgeConnector Siemens. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20498."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption (\u0027Resource Exhaustion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:55:56.942Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1054",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1054/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2023-1.html"
}
],
"source": {
"lang": "en",
"value": "Claroty Research - Team82 - Uri Katz, Noam Moshe, Vera Mens, Sharon Brizinov"
},
"title": "Softing edgeConnector Siemens ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-27334",
"datePublished": "2024-05-03T01:55:56.942Z",
"dateReserved": "2023-02-28T17:58:45.479Z",
"dateUpdated": "2024-08-02T12:09:43.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-7339 (GCVE-0-2023-7339)
Vulnerability from cvelistv5 – Published: 2026-03-27 10:53 – Updated: 2026-03-27 12:21
VLAI
EPSS
VEX
Title
Data collection for dowloading leads into buffer overflow
Summary
Stack-based buffer overflow vulnerability in Softing Industrial Automation GmbH gateways allows overflow buffers.
This issue affects
pnGate: through 1.30
epGate: through 1.30
mbGate: through 1.30
smartLink HW-DP: through 1.30
smartLink HW-PN: through 1.01.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
2 references
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Softing | pnGate |
Affected:
0 , ≤ 1.30
(custom)
Unaffected: 1.34 (custom) |
|
| Softing | epGate |
Affected:
0 , ≤ 1.30
(custom)
|
|
| Softing | mbGate |
Affected:
0 , ≤ 1.30
(custom)
|
|
| Softing | smartLink HW-DP |
Affected:
0 , ≤ 1.30
(custom)
Unaffected: 1.31 (custom) |
|
| Softing | smartLink HW-PN |
Affected:
0 , ≤ 1.01
(custom)
Unaffected: 1.02 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-7339",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-27T12:21:13.590182Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T12:21:25.031Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"broken-link"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/2023/CVE-2023-7339.html"
},
{
"tags": [
"broken-link"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/2023/CVE-2023-7339.json"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "pnGate",
"vendor": "Softing",
"versions": [
{
"lessThanOrEqual": "1.30",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.34",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "epGate",
"vendor": "Softing",
"versions": [
{
"lessThanOrEqual": "1.30",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "mbGate",
"vendor": "Softing",
"versions": [
{
"lessThanOrEqual": "1.30",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "smartLink HW-DP",
"vendor": "Softing",
"versions": [
{
"lessThanOrEqual": "1.30",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.31",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "smartLink HW-PN",
"vendor": "Softing",
"versions": [
{
"lessThanOrEqual": "1.01",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.02",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:pngate:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.30",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:pngate:1.34:*:*:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:epgate:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.30",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:mbgate:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.30",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:smartlink_hw-dp:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.30",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:smartlink_hw-dp:1.31:*:*:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:smartlink_hw-pn:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.01",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:smartlink_hw-pn:1.02:*:*:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eStack-based buffer overflow vulnerability in Softing Industrial Automation GmbH gateways allows overflow buffers.\u003cbr\u003eThis issue affects\u003cbr\u003epnGate: through 1.30\u003cbr\u003eepGate: through 1.30\u003cbr\u003embGate: through 1.30\u003cbr\u003esmartLink HW-DP: through 1.30\u003cbr\u003esmartLink HW-PN: through 1.01.\u003c/p\u003e"
}
],
"value": "Stack-based buffer overflow vulnerability in Softing Industrial Automation GmbH gateways allows overflow buffers.\nThis issue affects\npnGate: through 1.30\nepGate: through 1.30\nmbGate: through 1.30\nsmartLink HW-DP: through 1.30\nsmartLink HW-PN: through 1.01."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T10:53:07.778Z",
"orgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
"shortName": "Softing"
},
"references": [
{
"tags": [
"x_html"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/2023/CVE-2023-7339.html"
},
{
"tags": [
"x_json"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/2023/CVE-2023-7339.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003epnGate: fixed with 1.34\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "pnGate: fixed with 1.34"
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "smartLink HW-DP: fixed with 1.31\u003cbr\u003esmartLink HW-PN: fixed with 1.02"
}
],
"value": "smartLink HW-DP: fixed with 1.31\nsmartLink HW-PN: fixed with 1.02"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Data collection for dowloading leads into buffer overflow",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
"assignerShortName": "Softing",
"cveId": "CVE-2023-7339",
"datePublished": "2026-03-27T10:53:07.778Z",
"dateReserved": "2026-03-27T10:08:58.402Z",
"dateUpdated": "2026-03-27T12:21:25.031Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-14028 (GCVE-0-2024-14028)
Vulnerability from cvelistv5 – Published: 2026-03-27 05:53 – Updated: 2026-03-27 13:45
VLAI
EPSS
VEX
Title
Multiple implicit reads in parallel can result in a crash or denial of service
Summary
Use after free vulnerability in Softing smartLink HW-DP or smartLink HW-PN webserver allows HTTP DoS.
This issue affects:
smartLink HW-DP: through 1.31
smartLink HW-PN: before 1.02.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-416 - Use after free
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Softing | smartLink HW-DP |
Affected:
0 , ≤ 1.31
(custom)
Unaffected: 1.32 (custom) |
|
| Softing | smartLink HW-PN |
Affected:
0 , < 1.02
(custom)
Unaffected: 1.02 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-14028",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-27T13:39:03.488317Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T13:45:30.144Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"webserver"
],
"product": "smartLink HW-DP",
"vendor": "Softing",
"versions": [
{
"lessThanOrEqual": "1.31",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.32",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"webserver"
],
"product": "smartLink HW-PN",
"vendor": "Softing",
"versions": [
{
"lessThan": "1.02",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.02",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:smartlink_hw-dp:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.31",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:smartlink_hw-dp:1.32:*:*:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:smartlink_hw-pn:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.02",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:smartlink_hw-pn:1.02:*:*:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUse after free vulnerability in Softing smartLink HW-DP or smartLink HW-PN webserver allows HTTP DoS.\u003cbr\u003eThis issue affects:\u003cbr\u003esmartLink HW-DP: through 1.31\u003cbr\u003esmartLink HW-PN: before 1.02.\u003c/p\u003e"
}
],
"value": "Use after free vulnerability in Softing smartLink HW-DP or smartLink HW-PN webserver allows HTTP DoS.\nThis issue affects:\nsmartLink HW-DP: through 1.31\nsmartLink HW-PN: before 1.02."
}
],
"impacts": [
{
"capecId": "CAPEC-469",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-469 HTTP DoS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use after free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T05:53:40.991Z",
"orgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
"shortName": "Softing"
},
"references": [
{
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/2024/CVE-2024-14028.html"
},
{
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/2024/CVE-2024-14028.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate firmware for\u003cbr\u003esmartLink HW-DP: to 1.32\u003cbr\u003esmartLink HW-PN: to 1.02.\u003c/p\u003e"
}
],
"value": "Update firmware for\nsmartLink HW-DP: to 1.32\nsmartLink HW-PN: to 1.02."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Multiple implicit reads in parallel can result in a crash or denial of service",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
"assignerShortName": "Softing",
"cveId": "CVE-2024-14028",
"datePublished": "2026-03-27T05:53:40.991Z",
"dateReserved": "2026-03-23T15:31:51.510Z",
"dateUpdated": "2026-03-27T13:45:30.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13406 (GCVE-0-2025-13406)
Vulnerability from cvelistv5 – Published: 2026-03-17 14:32 – Updated: 2026-03-27 08:09
VLAI
EPSS
VEX
Title
Scanning for higher HART revision device leads into NULL pointer dereference in live list
Summary
NULL Pointer Dereference vulnerability in Softing Industrial Automation GmbH smartLink SW-HT (Webserver modules) allows HTTP DoS.This issue affects smartLink SW-HT: 1.43.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Softing | smartLink SW-HT |
Affected:
1.43
(custom)
Unaffected: 1.43.1 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13406",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-17T14:49:34.753139Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-17T14:50:30.323Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Webserver"
],
"product": "smartLink SW-HT",
"vendor": "Softing",
"versions": [
{
"status": "affected",
"version": "1.43",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.43.1",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:smartlink_sw-ht:1.43:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:smartlink_sw-ht:1.43.1:*:*:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "NULL Pointer Dereference vulnerability in Softing Industrial Automation GmbH smartLink SW-HT (Webserver modules) allows HTTP DoS.\u003cp\u003eThis issue affects smartLink SW-HT: 1.43.\u003c/p\u003e"
}
],
"value": "NULL Pointer Dereference vulnerability in Softing Industrial Automation GmbH smartLink SW-HT (Webserver modules) allows HTTP DoS.This issue affects smartLink SW-HT: 1.43."
}
],
"impacts": [
{
"capecId": "CAPEC-469",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-469 HTTP DoS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "RED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/AU:Y/R:A/RE:L/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T08:09:49.360Z",
"orgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
"shortName": "Softing"
},
"references": [
{
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-13406.html"
},
{
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-13406.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate smartLink SW-HT to patch V1.43.1 firmware.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Update smartLink SW-HT to patch V1.43.1 firmware."
}
],
"source": {
"discovery": "USER"
},
"title": "Scanning for higher HART revision device leads into NULL pointer dereference in live list",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
"assignerShortName": "Softing",
"cveId": "CVE-2025-13406",
"datePublished": "2026-03-17T14:32:21.500Z",
"dateReserved": "2025-11-19T14:07:24.595Z",
"dateUpdated": "2026-03-27T08:09:49.360Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-10461 (GCVE-0-2025-10461)
Vulnerability from cvelistv5 – Published: 2026-03-16 13:27 – Updated: 2026-03-27 08:13
VLAI
EPSS
VEX
Title
Global file reads caused by improper URL checks in webserver
Summary
Global file reads caused by improper URL checks in webserver in Softing Industrial Automation GmbH smartLinks on docker (filesystem modules) allows file access.
This issue affects
smartLink SW-HT: through 1.42
smartLink SW-PN: through 1.03.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Softing | smartLink SW-HT |
Affected:
0 , ≤ 1.42
(custom)
Unaffected: 1.43 (custom) |
|
| Softing | smartLink SW-PN |
Affected:
0 , ≤ 1.03
(custom)
Unaffected: 1.04 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10461",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-16T14:27:44.548413Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-16T14:27:51.874Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"filesystem"
],
"product": "smartLink SW-HT",
"vendor": "Softing",
"versions": [
{
"lessThanOrEqual": "1.42",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.43",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"filesystem"
],
"product": "smartLink SW-PN",
"vendor": "Softing",
"versions": [
{
"lessThanOrEqual": "1.03",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.04"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:smartlink_sw-ht:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.42",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:smartlink_sw-ht:1.43:*:*:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:smartlink_sw-pn:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.03",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:smartlink_sw-pn:1.04:*:*:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "tool",
"value": "OpenVAS"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Global file reads caused by improper URL checks in webserver in Softing Industrial Automation GmbH smartLinks on docker (filesystem modules) allows file access.\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003eThis issue affects\u003c/p\u003e\u003cp\u003esmartLink SW-HT: through 1.42\u003c/p\u003e\u003cp\u003esmartLink SW-PN: through 1.03.\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Global file reads caused by improper URL checks in webserver in Softing Industrial Automation GmbH smartLinks on docker (filesystem modules) allows file access.\n\n\n\nThis issue affects\n\nsmartLink SW-HT: through 1.42\n\nsmartLink SW-PN: through 1.03."
}
],
"impacts": [
{
"capecId": "CAPEC-497",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-497 File Discovery"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/AU:Y/R:A/RE:L/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T08:13:41.200Z",
"orgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
"shortName": "Softing"
},
"references": [
{
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10461.html"
},
{
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10461.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThis issue is fixed in\u003c/p\u003e\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003esmartLink SW-HT: 1.43\u003c/p\u003esmartLink SW-PN: 1.04\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "This issue is fixed in\n\n\n\n\n\nsmartLink SW-HT: 1.43\n\nsmartLink SW-PN: 1.04"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Global file reads caused by improper URL checks in webserver",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
"assignerShortName": "Softing",
"cveId": "CVE-2025-10461",
"datePublished": "2026-03-16T13:27:21.381Z",
"dateReserved": "2025-09-15T05:57:59.903Z",
"dateUpdated": "2026-03-27T08:13:41.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-10685 (GCVE-0-2025-10685)
Vulnerability from cvelistv5 – Published: 2026-03-16 13:14 – Updated: 2026-03-27 08:12
VLAI
EPSS
VEX
Title
HTTP POST with specific higher content length leads into heap corruption
Summary
Heap-based buffer overflow vulnerability in Softing Industrial Automation GmbH smartLink SW-PN and smartLink SW-HT (Webserver modules) allows overflow buffers.This issue affects:
smartLink SW-PN: through 1.03
smartLink SW-HT: through 1.42
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Softing | smartLink SW-PN |
Affected:
0 , ≤ 1.03
(custom)
Unaffected: 1.04 (custom) |
|
| Softing | smartLink SW-HT |
Affected:
0 , ≤ 1.42
(custom)
Unaffected: 1.43 (custom) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10685",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-16T14:41:54.340261Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-16T14:41:59.763Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Webserver"
],
"product": "smartLink SW-PN",
"vendor": "Softing",
"versions": [
{
"lessThanOrEqual": "1.03",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.04",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Webserver"
],
"product": "smartLink SW-HT",
"vendor": "Softing",
"versions": [
{
"lessThanOrEqual": "1.42",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.43",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:smartlink_sw-pn:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.03",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:smartlink_sw-pn:1.04:*:*:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:smartlink_sw-ht:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.42",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:smartlink_sw-ht:1.43:*:*:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Frank Renner"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Heap-based buffer overflow vulnerability in Softing Industrial Automation GmbH smartLink SW-PN and smartLink SW-HT (Webserver modules) allows overflow buffers.\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003esmartLink SW-PN: through 1.03\u003c/p\u003e\u003cp\u003esmartLink SW-HT: through 1.42\u003c/p\u003e"
}
],
"value": "Heap-based buffer overflow vulnerability in Softing Industrial Automation GmbH smartLink SW-PN and smartLink SW-HT (Webserver modules) allows overflow buffers.This issue affects:\n\nsmartLink SW-PN: through 1.03\n\nsmartLink SW-HT: through 1.42"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "NONE",
"providerUrgency": "RED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/AU:Y/R:A/RE:L/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T08:12:30.109Z",
"orgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
"shortName": "Softing"
},
"references": [
{
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10685.html"
},
{
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10685.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate firmware for\u003c/p\u003e\u003cp\u003esmartLink SW-PN: to 1.04\u003c/p\u003e\u003cp\u003esmartLink SW-HT: to 1.43\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Update firmware for\n\nsmartLink SW-PN: to 1.04\n\nsmartLink SW-HT: to 1.43"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "HTTP POST with specific higher content length leads into heap corruption",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
"assignerShortName": "Softing",
"cveId": "CVE-2025-10685",
"datePublished": "2026-03-16T13:14:49.030Z",
"dateReserved": "2025-09-18T12:45:55.230Z",
"dateUpdated": "2026-03-27T08:12:30.109Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-7390 (GCVE-0-2025-7390)
Vulnerability from cvelistv5 – Published: 2025-08-21 06:08 – Updated: 2026-03-27 08:36
VLAI
EPSS
VEX
Title
Bypass the client certificate trust check of an opc.https server while only secure communication is allowed
Summary
A malicious client can bypass the client certificate trust check of an opc.https server when the server endpoint is configured to allow only secure communication.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Softing | OPC UA C++ SDK |
Affected:
6.40 , ≤ 6.80
(custom)
Unaffected: 6.80.1 (custom) |
|
| Softing | edgeConnector |
Affected:
0 , ≤ 2025.03
(custom)
Unaffected: SDEX Suite V1.0 (custom) |
|
| Softing | edgeAggregator |
Affected:
0 , ≤ 2025.03
(custom)
Unaffected: SDEX Suite V1.0 (custom) |
Date Public
2025-08-14 06:37
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7390",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-21T13:51:51.306799Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T13:53:15.381Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://industrial.softing.com/products/opc-ua-and-opc-classic-sdks/opc-ua-c-sdks-for-windows.html",
"defaultStatus": "unaffected",
"modules": [
"opc.https server"
],
"platforms": [
"Windows",
"Linux",
"VxWorks"
],
"product": "OPC UA C++ SDK",
"vendor": "Softing",
"versions": [
{
"lessThanOrEqual": "6.80",
"status": "affected",
"version": "6.40",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "6.80.1",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://industrial.softing.com/de/produkte/docker-container/edgeconnector.html",
"defaultStatus": "affected",
"platforms": [
"Linux"
],
"product": "edgeConnector",
"vendor": "Softing",
"versions": [
{
"lessThanOrEqual": "2025.03",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "SDEX Suite V1.0",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://industrial.softing.com/de/produkte/docker-container/edgeaggregator.html",
"defaultStatus": "affected",
"platforms": [
"Linux"
],
"product": "edgeAggregator",
"vendor": "Softing",
"versions": [
{
"lessThanOrEqual": "2025.03",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "SDEX Suite V1.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:opc_ua_c_sdk:*:*:windows:*:*:*:*:*",
"versionEndIncluding": "6.80",
"versionStartIncluding": "6.40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:opc_ua_c_sdk:*:*:linux:*:*:*:*:*",
"versionEndIncluding": "6.80",
"versionStartIncluding": "6.40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:opc_ua_c_sdk:*:*:vxworks:*:*:*:*:*",
"versionEndIncluding": "6.80",
"versionStartIncluding": "6.40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:opc_ua_c_sdk:6.80.1:*:windows:*:*:*:*:*",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:softing:opc_ua_c_sdk:6.80.1:*:linux:*:*:*:*:*",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:softing:opc_ua_c_sdk:6.80.1:*:vxworks:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:edgeconnector:*:*:linux:*:*:*:*:*",
"versionEndIncluding": "2025.03",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:edgeconnector:sdex_suite_v1.0:*:linux:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:edgeaggregator:*:*:linux:*:*:*:*:*",
"versionEndIncluding": "2025.03",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:edgeaggregator:sdex_suite_v1.0:*:linux:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"datePublic": "2025-08-14T06:37:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A malicious client can bypass the client certificate trust check of an opc.https server when the server endpoint is configured to allow only secure communication."
}
],
"value": "A malicious client can bypass the client certificate trust check of an opc.https server when the server endpoint is configured to allow only secure communication."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T08:36:30.497Z",
"orgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
"shortName": "Softing"
},
"references": [
{
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-7390.html"
},
{
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-7390.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "OPC UA C++ SDK V6.80.1 Service-Patch\u003cbr\u003e"
}
],
"value": "OPC UA C++ SDK V6.80.1 Service-Patch"
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "edgeAggregator \u0026amp; edgeConnector are now integrated in SDEX Suite: fix with V1.0"
}
],
"value": "edgeAggregator \u0026 edgeConnector are now integrated in SDEX Suite: fix with V1.0"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Bypass the client certificate trust check of an opc.https server while only secure communication is allowed",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
"assignerShortName": "Softing",
"cveId": "CVE-2025-7390",
"datePublished": "2025-08-21T06:08:00.210Z",
"dateReserved": "2025-07-09T13:09:38.988Z",
"dateUpdated": "2026-03-27T08:36:30.497Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-39482 (GCVE-0-2023-39482)
Vulnerability from cvelistv5 – Published: 2024-05-03 02:10 – Updated: 2024-08-02 18:10
VLAI
EPSS
VEX
Title
Softing Secure Integration Server Hardcoded Cryptographic Key Information Disclosure Vulnerability
Summary
Softing Secure Integration Server Hardcoded Cryptographic Key Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within libopcuaclient.so. The issue results from hardcoding crytographic keys within the product. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-20610.
Severity
4.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Softing | Secure Integration Server |
Affected:
1.22.8686
|
Date Public
2023-08-09 18:05
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39482",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-18T13:33:02.875353Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-18T13:33:20.661Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.888Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1064",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1064/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Secure Integration Server",
"vendor": "Softing",
"versions": [
{
"status": "affected",
"version": "1.22.8686"
}
]
}
],
"dateAssigned": "2023-08-02T21:44:31.537Z",
"datePublic": "2023-08-09T18:05:25.885Z",
"descriptions": [
{
"lang": "en",
"value": "Softing Secure Integration Server Hardcoded Cryptographic Key Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within libopcuaclient.so. The issue results from hardcoding crytographic keys within the product. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-20610."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321: Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:10:46.611Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1064",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1064/"
}
],
"source": {
"lang": "en",
"value": "Uri Katz of Claroty Research Team82"
},
"title": "Softing Secure Integration Server Hardcoded Cryptographic Key Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-39482",
"datePublished": "2024-05-03T02:10:46.611Z",
"dateReserved": "2023-08-02T21:37:23.125Z",
"dateUpdated": "2024-08-02T18:10:20.888Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39481 (GCVE-0-2023-39481)
Vulnerability from cvelistv5 – Published: 2024-05-03 02:10 – Updated: 2024-08-02 18:10
VLAI
EPSS
VEX
Title
Softing Secure Integration Server Interpretation Conflict Remote Code Execution Vulnerability
Summary
Softing Secure Integration Server Interpretation Conflict Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the web server. The issue results from an inconsistency in URI parsing between NGINX and application code. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20551.
Severity
6.6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-436 - Interpretation Conflict
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Softing | Secure Integration Server |
Affected:
1.22.0.8686
|
|
| softing | secure_integration_server |
Affected:
1.22.0.8686
cpe:2.3:a:softing:secure_integration_server:1.22.0.8686:*:*:*:*:*:*:* |
Date Public
2023-08-09 18:04
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:softing:secure_integration_server:1.22.0.8686:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secure_integration_server",
"vendor": "softing",
"versions": [
{
"status": "affected",
"version": "1.22.0.8686"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39481",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-07T20:36:29.271637Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-07T20:41:58.121Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.884Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1063",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1063/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Secure Integration Server",
"vendor": "Softing",
"versions": [
{
"status": "affected",
"version": "1.22.0.8686"
}
]
}
],
"dateAssigned": "2023-08-02T21:44:31.532Z",
"datePublic": "2023-08-09T18:04:47.064Z",
"descriptions": [
{
"lang": "en",
"value": "Softing Secure Integration Server Interpretation Conflict Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the web server. The issue results from an inconsistency in URI parsing between NGINX and application code. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20551."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-436",
"description": "CWE-436: Interpretation Conflict",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:10:45.801Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1063",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1063/"
}
],
"source": {
"lang": "en",
"value": "Claroty Research - Team82 - Uri Katz, Noam Moshe, Vera Mens, Sharon Brizinov"
},
"title": "Softing Secure Integration Server Interpretation Conflict Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-39481",
"datePublished": "2024-05-03T02:10:45.801Z",
"dateReserved": "2023-08-02T21:37:23.125Z",
"dateUpdated": "2024-08-02T18:10:20.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39480 (GCVE-0-2023-39480)
Vulnerability from cvelistv5 – Published: 2024-05-03 02:10 – Updated: 2024-08-02 18:10
VLAI
EPSS
VEX
Title
Softing Secure Integration Server FileDirectory OPC UA Object Arbitrary File Creation Vulnerability
Summary
Softing Secure Integration Server FileDirectory OPC UA Object Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the handling of FileDirectory OPC UA Objects. The issue results from allowing unauthorized access to the filesystem. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20549.
Severity
4.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Softing | Secure Integration Server |
Affected:
1.22.0.8686
|
|
| softing | secure_integration_server |
Affected:
1.22.0.8686
cpe:2.3:a:softing:secure_integration_server:1.22.0.8686:*:*:*:*:*:*:* |
Date Public
2023-08-09 18:04
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:softing:secure_integration_server:1.22.0.8686:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secure_integration_server",
"vendor": "softing",
"versions": [
{
"status": "affected",
"version": "1.22.0.8686"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39480",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T15:29:33.855719Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T15:42:02.808Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.681Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1062",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1062/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Secure Integration Server",
"vendor": "Softing",
"versions": [
{
"status": "affected",
"version": "1.22.0.8686"
}
]
}
],
"dateAssigned": "2023-08-02T21:44:31.526Z",
"datePublic": "2023-08-09T18:04:40.922Z",
"descriptions": [
{
"lang": "en",
"value": "Softing Secure Integration Server FileDirectory OPC UA Object Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the handling of FileDirectory OPC UA Objects. The issue results from allowing unauthorized access to the filesystem. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20549."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552: Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:10:45.099Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1062",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1062/"
}
],
"source": {
"lang": "en",
"value": "Claroty Research - Team82 - Uri Katz, Noam Moshe, Vera Mens, Sharon Brizinov"
},
"title": "Softing Secure Integration Server FileDirectory OPC UA Object Arbitrary File Creation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-39480",
"datePublished": "2024-05-03T02:10:45.099Z",
"dateReserved": "2023-08-02T21:37:23.125Z",
"dateUpdated": "2024-08-02T18:10:20.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39479 (GCVE-0-2023-39479)
Vulnerability from cvelistv5 – Published: 2024-05-03 02:10 – Updated: 2024-08-02 18:10
VLAI
EPSS
VEX
Title
Softing Secure Integration Server OPC UA Gateway Directory Creation Vulnerability
Summary
Softing Secure Integration Server OPC UA Gateway Directory Creation Vulnerability. This vulnerability allows remote attackers to create directories on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the handling of FileDirectory OPC UA Objects. The issue results from allowing unauthorized access to the filesystem. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20548.
Severity
6.6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Softing | Secure Integration Server |
Affected:
1.22.0.8686
|
|
| softing | secure_integration_server |
Affected:
1.22.0.8686
cpe:2.3:a:softing:secure_integration_server:-:*:*:*:*:*:*:* |
Date Public
2023-08-09 18:04
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:softing:secure_integration_server:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secure_integration_server",
"vendor": "softing",
"versions": [
{
"status": "affected",
"version": "1.22.0.8686"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39479",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-06T15:40:12.735732Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:27:01.463Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.883Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1061",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1061/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Secure Integration Server",
"vendor": "Softing",
"versions": [
{
"status": "affected",
"version": "1.22.0.8686"
}
]
}
],
"dateAssigned": "2023-08-02T21:44:31.520Z",
"datePublic": "2023-08-09T18:04:34.926Z",
"descriptions": [
{
"lang": "en",
"value": "Softing Secure Integration Server OPC UA Gateway Directory Creation Vulnerability. This vulnerability allows remote attackers to create directories on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the handling of FileDirectory OPC UA Objects. The issue results from allowing unauthorized access to the filesystem. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20548."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552: Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:10:44.345Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1061",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1061/"
}
],
"source": {
"lang": "en",
"value": "Claroty Research - Team82 - Uri Katz, Noam Moshe, Vera Mens, Sharon Brizinov"
},
"title": "Softing Secure Integration Server OPC UA Gateway Directory Creation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-39479",
"datePublished": "2024-05-03T02:10:44.345Z",
"dateReserved": "2023-08-02T21:37:23.125Z",
"dateUpdated": "2024-08-02T18:10:20.883Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39478 (GCVE-0-2023-39478)
Vulnerability from cvelistv5 – Published: 2024-05-03 02:10 – Updated: 2024-08-02 18:10
VLAI
EPSS
VEX
Title
Softing Secure Integration Server Exposure of Resource to Wrong Sphere Remote Code Execution Vulnerability
Summary
Softing Secure Integration Server Exposure of Resource to Wrong Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the handling of OPC FileDirectory namespaces. The issue results from the lack of proper validation of user-supplied data before using it to create a server object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20547.
Severity
6.6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Softing | Secure Integration Server |
Affected:
1.22.0.8686
|
|
| softing | secure_integration_server |
Affected:
1.22.0.8686
cpe:2.3:a:softing:secure_integration_server:-:*:*:*:*:*:*:* |
Date Public
2023-08-09 18:04
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:softing:secure_integration_server:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secure_integration_server",
"vendor": "softing",
"versions": [
{
"status": "affected",
"version": "1.22.0.8686"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39478",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-06T19:15:09.515950Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:27:04.877Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.948Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1060",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1060/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Secure Integration Server",
"vendor": "Softing",
"versions": [
{
"status": "affected",
"version": "1.22.0.8686"
}
]
}
],
"dateAssigned": "2023-08-02T21:44:31.515Z",
"datePublic": "2023-08-09T18:04:28.415Z",
"descriptions": [
{
"lang": "en",
"value": "Softing Secure Integration Server Exposure of Resource to Wrong Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the handling of OPC FileDirectory namespaces. The issue results from the lack of proper validation of user-supplied data before using it to create a server object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20547."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668: Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:10:43.636Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1060",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1060/"
}
],
"source": {
"lang": "en",
"value": "Claroty Research - Team82 - Uri Katz, Noam Moshe, Vera Mens, Sharon Brizinov"
},
"title": "Softing Secure Integration Server Exposure of Resource to Wrong Sphere Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-39478",
"datePublished": "2024-05-03T02:10:43.636Z",
"dateReserved": "2023-08-02T21:37:23.124Z",
"dateUpdated": "2024-08-02T18:10:20.948Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38125 (GCVE-0-2023-38125)
Vulnerability from cvelistv5 – Published: 2024-05-03 01:59 – Updated: 2024-08-02 17:30
VLAI
EPSS
VEX
Title
Softing edgeAggregator Permissive Cross-domain Policy with Untrusted Domains Remote Code Execution Vulnerability
Summary
Softing edgeAggregator Permissive Cross-domain Policy with Untrusted Domains Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability.
The specific flaw exists within the configuration of the web server. The issue results from the lack of appropriate Content Security Policy headers. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-20542.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-942 - Permissive Cross-domain Policy with Untrusted Domains
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Softing | edgeAggregator |
Affected:
3.40
|
|
| softing | edgeaggregator |
Affected:
3.40
cpe:2.3:a:softing:edgeaggregator:*:*:*:*:*:*:*:* |
Date Public
2023-08-09 18:04
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:softing:edgeaggregator:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edgeaggregator",
"vendor": "softing",
"versions": [
{
"status": "affected",
"version": "3.40"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38125",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-07T19:26:57.744725Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:28:05.381Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:30:14.042Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1059",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1059/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "edgeAggregator",
"vendor": "Softing",
"versions": [
{
"status": "affected",
"version": "3.40"
}
]
}
],
"dateAssigned": "2023-07-12T15:35:25.020Z",
"datePublic": "2023-08-09T18:04:22.098Z",
"descriptions": [
{
"lang": "en",
"value": "Softing edgeAggregator Permissive Cross-domain Policy with Untrusted Domains Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the configuration of the web server. The issue results from the lack of appropriate Content Security Policy headers. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-20542."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942: Permissive Cross-domain Policy with Untrusted Domains",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:59:21.322Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1059",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1059/"
}
],
"source": {
"lang": "en",
"value": "Claroty Research - Team82 - Uri Katz, Noam Moshe, Vera Mens, Sharon Brizinov"
},
"title": "Softing edgeAggregator Permissive Cross-domain Policy with Untrusted Domains Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-38125",
"datePublished": "2024-05-03T01:59:21.322Z",
"dateReserved": "2023-07-12T15:22:20.623Z",
"dateUpdated": "2024-08-02T17:30:14.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27336 (GCVE-0-2023-27336)
Vulnerability from cvelistv5 – Published: 2024-05-03 01:55 – Updated: 2024-08-02 12:09
VLAI
EPSS
VEX
Title
Softing edgeConnector Siemens OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability
Summary
Softing edgeConnector Siemens OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing edgeConnector Siemens. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of OPC client certificates. The issue results from dereferencing a NULL pointer. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20508.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Softing | edgeConnector Siemens |
Affected:
3.40
|
|
| softing | edgeconnector |
Affected:
3.40
cpe:2.3:a:softing:edgeconnector:-:*:*:*:*:*:*:* |
Date Public
2023-08-09 18:05
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:softing:edgeconnector:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edgeconnector",
"vendor": "softing",
"versions": [
{
"status": "affected",
"version": "3.40"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27336",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-09T18:08:48.894972Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:24:42.930Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:09:43.421Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1065",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1065/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "edgeConnector Siemens",
"vendor": "Softing",
"versions": [
{
"status": "affected",
"version": "3.40"
}
]
}
],
"dateAssigned": "2023-02-28T18:05:53.960Z",
"datePublic": "2023-08-09T18:05:39.861Z",
"descriptions": [
{
"lang": "en",
"value": "Softing edgeConnector Siemens OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing edgeConnector Siemens. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of OPC client certificates. The issue results from dereferencing a NULL pointer. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20508."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:55:58.472Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1065",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1065/"
}
],
"source": {
"lang": "en",
"value": "Team ECQ"
},
"title": "Softing edgeConnector Siemens OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-27336",
"datePublished": "2024-05-03T01:55:58.472Z",
"dateReserved": "2023-02-28T17:58:45.479Z",
"dateUpdated": "2024-08-02T12:09:43.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27335 (GCVE-0-2023-27335)
Vulnerability from cvelistv5 – Published: 2024-05-03 01:55 – Updated: 2024-08-02 12:09
VLAI
EPSS
VEX
Title
Softing edgeAggregator Client Cross-Site Scripting Remote Code Execution Vulnerability
Summary
Softing edgeAggregator Client Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of the input parameters provided to the edgeAggregetor client. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20504.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Softing | edgeAggregator |
Affected:
3.40
|
|
| softing | edgeaggregator |
Affected:
3.4.0
cpe:2.3:a:softing:edgeaggregator:3.4.0:*:*:*:*:*:*:* |
Date Public
2023-08-09 18:04
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:softing:edgeaggregator:3.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edgeaggregator",
"vendor": "softing",
"versions": [
{
"status": "affected",
"version": "3.4.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27335",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T15:59:01.773629Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:24:58.221Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:09:43.030Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1057",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1057/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "edgeAggregator",
"vendor": "Softing",
"versions": [
{
"status": "affected",
"version": "3.40"
}
]
}
],
"dateAssigned": "2023-02-28T18:05:53.954Z",
"datePublic": "2023-08-09T18:04:10.515Z",
"descriptions": [
{
"lang": "en",
"value": "Softing edgeAggregator Client Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of the input parameters provided to the edgeAggregetor client. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20504."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:55:57.666Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1057",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1057/"
}
],
"source": {
"lang": "en",
"value": "Claroty Research - Team82 - Uri Katz, Noam Moshe, Vera Mens, Sharon Brizinov"
},
"title": "Softing edgeAggregator Client Cross-Site Scripting Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-27335",
"datePublished": "2024-05-03T01:55:57.666Z",
"dateReserved": "2023-02-28T17:58:45.479Z",
"dateUpdated": "2024-08-02T12:09:43.030Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27334 (GCVE-0-2023-27334)
Vulnerability from cvelistv5 – Published: 2024-05-03 01:55 – Updated: 2024-08-02 12:09
VLAI
EPSS
VEX
Title
Softing edgeConnector Siemens ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability
Summary
Softing edgeConnector Siemens ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing edgeConnector Siemens. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20498.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-400 - Uncontrolled Resource Consumption ('Resource Exhaustion')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
| https://industrial.softing.com/fileadmin/psirt/do… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Softing | edgeConnector Siemens |
Affected:
3.40
|
|
| softing | edgeconnector |
Affected:
3.40
cpe:2.3:a:softing:edgeconnector:-:*:*:*:*:*:*:* |
Date Public
2023-08-09 15:55
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:softing:edgeconnector:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edgeconnector",
"vendor": "softing",
"versions": [
{
"status": "affected",
"version": "3.40"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27334",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T15:55:32.192681Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:24:56.955Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:09:43.393Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1054",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1054/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2023-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "edgeConnector Siemens",
"vendor": "Softing",
"versions": [
{
"status": "affected",
"version": "3.40"
}
]
}
],
"dateAssigned": "2023-02-28T18:05:53.949Z",
"datePublic": "2023-08-09T15:55:45.687Z",
"descriptions": [
{
"lang": "en",
"value": "Softing edgeConnector Siemens ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing edgeConnector Siemens. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20498."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption (\u0027Resource Exhaustion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:55:56.942Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1054",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1054/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2023-1.html"
}
],
"source": {
"lang": "en",
"value": "Claroty Research - Team82 - Uri Katz, Noam Moshe, Vera Mens, Sharon Brizinov"
},
"title": "Softing edgeConnector Siemens ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-27334",
"datePublished": "2024-05-03T01:55:56.942Z",
"dateReserved": "2023-02-28T17:58:45.479Z",
"dateUpdated": "2024-08-02T12:09:43.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}