github - ghsa-8j39-c987-frxv

ghsa-8j39-c987-frxv

Vulnerability from github

Published

2025-10-28 09:31

Modified

2025-10-28 09:31

Severity ?

8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:U/RE:M/U:Amber

Details

Webserver crash caused by scanning on TCP port 80 in Softing Industrial Automation GmbH gateways and switch.This issue affects

smartLink HW-PN: from 1.02 through 1.03

smartLink HW-DP: 1.31

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-10150"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-833"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-28T08:15:32Z",
    "severity": "HIGH"
  },
  "details": "Webserver crash caused by scanning on TCP port 80 in Softing Industrial Automation GmbH gateways and switch.This issue affects\n\nsmartLink HW-PN: from 1.02 through 1.03\n\nsmartLink HW-DP: 1.31",
  "id": "GHSA-8j39-c987-frxv",
  "modified": "2025-10-28T09:31:54Z",
  "published": "2025-10-28T09:31:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10150"
    },
    {
      "type": "WEB",
      "url": "https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10150.html"
    },
    {
      "type": "WEB",
      "url": "https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10150.json"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:Amber",
      "type": "CVSS_V4"
    }
  ]
}

CVE-2025-10150 (GCVE-0-2025-10150)

Vulnerability from cvelistv5

Published

2025-10-28 07:24

Modified

2025-10-28 13:28

Severity ?

8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:U/RE:M/U:Amber

CWE

CWE-833 - Deadlock

Summary

Webserver crash caused by scanning on TCP port 80 in Softing Industrial Automation GmbH gateways and switch.This issue affects smartLink HW-PN: from 1.02 through 1.03 smartLink HW-DP: 1.31

References

URL

Tags

	https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10150.html	x_html
	https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10150.json	x_json

Impacted products

Vendor

Product

Version

Softing Industrial Automation GmbH

smartLink HW-PN

Version: 1.02 <

Softing Industrial Automation GmbH

smartLink HW-DP

Version: 0 <

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-10150",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-28T13:27:44.147539Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-28T13:28:01.850Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "smartLink HW-PN",
          "vendor": "Softing Industrial Automation GmbH",
          "versions": [
            {
              "lessThanOrEqual": "1.03",
              "status": "affected",
              "version": "1.02",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "smartLink HW-DP",
          "vendor": "Softing Industrial Automation GmbH",
          "versions": [
            {
              "lessThanOrEqual": "1.31",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:softing_industrial_automation_gmbh:smartlink_hw-pn:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "1.03",
                  "versionStartIncluding": "1.02",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:softing_industrial_automation_gmbh:smartlink_hw-dp:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "1.31",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Webserver crash caused by scanning on TCP port 80 in Softing Industrial Automation GmbH gateways and switch.\u003cp\u003eThis issue affects\u003c/p\u003e\u003cp\u003esmartLink HW-PN: from 1.02 through 1.03\u003c/p\u003e\u003cp\u003esmartLink HW-DP: 1.31\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "Webserver crash caused by scanning on TCP port 80 in Softing Industrial Automation GmbH gateways and switch.This issue affects\n\nsmartLink HW-PN: from 1.02 through 1.03\n\nsmartLink HW-DP: 1.31"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-25",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-25 Forced Deadlock"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:U/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-833",
              "description": "CWE-833: Deadlock",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-28T07:24:38.296Z",
        "orgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
        "shortName": "Softing"
      },
      "references": [
        {
          "tags": [
            "x_html"
          ],
          "url": "https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10150.html"
        },
        {
          "tags": [
            "x_json"
          ],
          "url": "https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10150.json"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThis issue is fixed in\u003c/p\u003e\u003cp\u003esmartLink HW-PN: 1.04\u003c/p\u003e\u003cp\u003esmartLink HW-DP: 1.32\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "This issue is fixed in\n\nsmartLink HW-PN: 1.04\n\nsmartLink HW-DP: 1.32"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Webserver crash caused by scanning on TCP port 80",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
    "assignerShortName": "Softing",
    "cveId": "CVE-2025-10150",
    "datePublished": "2025-10-28T07:24:38.296Z",
    "dateReserved": "2025-09-09T07:27:03.262Z",
    "dateUpdated": "2025-10-28T13:28:01.850Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.