Vulnerabilities > CVE-2022-1748 - NULL Pointer Dereference vulnerability in Softing products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

softing

CWE-476

NVD

Published: 2022-08-17

Updated: 2022-08-19

Summary

Softing OPC UA C++ Server SDK, Secure Integration Server, edgeConnector, edgeAggregator, OPC Suite, and uaGate are affected by a NULL pointer dereference vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Softing Softing Edgeaggregator 3.1 Softing Secure Integration Server 1.22 Softing Edgeconnector 3.1 Softing OPC 5.2 Softing OPC UA C++ Software Development KIT 6 Softing Uagates 1.74	6

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04
https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-7.html