Softing: Security Vulnerabilities
Softing TH SCOPE through 3.70 allows XSS.
CVSS Score
6.1
EPSS Score
0.003
Published
2024-01-30
Softing edgeAggregator Restore Configuration Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability.
The specific flaw exists within the processing of backup zip files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this to execute code in the context of root. Was ZDI-CAN-20543.
CVSS Score
7.2
EPSS Score
0.065
Published
2023-12-19
An uncaught exception issue discovered in Softing OPC UA C++ SDK before 6.30 for Windows operating system may cause the application to crash when the server wants to send an error packet, while socket is blocked on writing.
CVSS Score
7.5
EPSS Score
0.003
Published
2023-12-14
Softing OPC Suite version 5.25 and before has Incorrect Access Control, allows attackers to obtain sensitive information via weak permissions in OSF_discovery service. The service executable could be changed or the service could be deleted.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-12-05
Cross-site Scripting vulnerability in Softing smartLink SW-HT before 1.30, which allows an attacker to execute a dynamic script (JavaScript, VBScript) in the context of the application.
CVSS Score
7.2
EPSS Score
0.001
Published
2023-11-06
Weak ciphers in Softing smartLink SW-HT before 1.30 are enabled during secure communication (SSL).
CVSS Score
5.9
EPSS Score
0.0
Published
2023-11-06
In Softing uaToolkit Embedded before 1.41, a malformed CreateMonitoredItems request may cause a memory leak.
CVSS Score
7.5
EPSS Score
0.005
Published
2023-01-26
In Softing uaToolkit Embedded before 1.40.1, a malformed PubSub discovery announcement message can cause a NULL pointer dereference or out-of-bounds memory access in the subscriber application.
CVSS Score
7.5
EPSS Score
0.005
Published
2023-01-26
An issue was discovered in Softing OPC UA C++ SDK before 6.10. A buffer overflow or an excess allocation happens due to unchecked array and matrix bounds in structure data types.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-10-20
An issue was discovered in Softing OPC UA C++ SDK 5.66 through 6.x before 6.10. An OPC/UA browse request exceeding the server limit on continuation points may cause a use-after-free error
CVSS Score
7.5
EPSS Score
0.002
Published
2022-10-20