Vulnerabilities (CVE)

Filtered by vendor Softing Subscribe
Total 34 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-42262 1 Softing 3 Datafeed Opc Suite, Opc Ua C\+\+ Software Development Kit, Secure Integration Server 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in Softing OPC UA C++ SDK before 5.70. An invalid XML element in the type dictionary makes the OPC/UA client crash due to an out-of-memory condition.
CVE-2021-40873 1 Softing 7 Datafeed Opc Suite, Edgeconnector, Opc and 4 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66, and uaToolkit Embedded before 1.40. Remote attackers to cause a denial of service (DoS) by sending crafted messages to a client or server. The server process may crash unexpectedly because of a double free, and must be restarted.
CVE-2021-40872 1 Softing 2 Smartlink Hw-dp, Uatoolkit Embedded 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Softing Industrial Automation uaToolkit Embedded before 1.40. Remote attackers to cause a denial of service (DoS) or login as an anonymous user (bypassing security checks) by sending crafted messages to a OPC/UA server. The server process may crash unexpectedly because of an invalid type cast, and must be restarted.
CVE-2021-40871 1 Softing 4 Datafeed Opc Suite, Opc, Secure Integration Server and 1 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66. Remote attackers to cause a denial of service (DoS) by sending crafted messages to a OPC/UA client. The client process may crash unexpectedly because of a wrong type cast, and must be restarted.
CVE-2021-32994 1 Softing 1 Opc Ua C\+\+ Software Development Kit 2024-11-21 5.0 MEDIUM 7.5 HIGH
Softing OPC UA C++ SDK (Software Development Kit) versions from 5.59 to 5.64 exported library functions don't properly validate received extension objects, which may allow an attacker to crash the software by sending a variety of specially crafted packets to access several unexpected memory locations.
CVE-2021-29661 1 Softing 1 Opc Toolbox 2024-11-21 3.5 LOW 5.4 MEDIUM
Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diag_values.html Stored XSS via the ITEMLISTVALUES##ITEMID parameter, resulting in JavaScript payload injection into the trace file. This payload will then be triggered every time an authenticated user browses the page containing it.
CVE-2021-29660 1 Softing 1 Opc Toolbox 2024-11-21 6.8 MEDIUM 8.8 HIGH
A Cross-Site Request Forgery (CSRF) vulnerability in en/cfg_setpwd.html in Softing AG OPC Toolbox through 4.10.1.13035 allows attackers to reset the administrative password by inducing the Administrator user to browse a URL controlled by an attacker.
CVE-2020-14524 1 Softing 1 Opc 2024-11-21 7.5 HIGH 9.8 CRITICAL
Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.
CVE-2020-14522 1 Softing 1 Opc 2024-11-21 5.0 MEDIUM 7.5 HIGH
Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to uncontrolled resource consumption, which may allow an attacker to cause a denial-of-service condition.
CVE-2019-15051 1 Softing 6 Uagate 840d, Uagate 840d Firmware, Uagate Mb and 3 more 2024-11-21 9.0 HIGH 8.8 HIGH
An issue was discovered in Softing uaGate (SI, MB, 840D) firmware through 1.71.00.1225. A CGI script is vulnerable to command injection via a maliciously crafted form parameter.
CVE-2019-11528 1 Softing 2 Uagate Si, Uagate Si Firmware 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Softing uaGate SI 1.60.01. A system default path for executables is user writable.
CVE-2019-11527 1 Softing 2 Uagate Si, Uagate Si Firmware 2024-11-21 9.0 HIGH 8.8 HIGH
An issue was discovered in Softing uaGate SI 1.60.01. A CGI script is vulnerable to command injection with a maliciously crafted url parameter.
CVE-2019-11526 1 Softing 2 Uagate Si, Uagate Si Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
An issue was discovered in Softing uaGate SI 1.60.01. A maintenance script, that is executable via sudo, is vulnerable to file path injection. This enables the Attacker to write files with superuser privileges in specific locations.
CVE-2014-6616 1 Softing 2 Fg-100 Profibus, Fg-x00 Profibus Firmware 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Softing FG-100 PROFIBUS Single Channel (FG-100-PB) with firmware FG-x00-PB_V2.02.0.00 allows remote attackers to inject arbitrary web script or HTML via the DEVICE_NAME parameter to cgi-bin/CFGhttp/.