Vulnerabilities > Softing

DATE CVE VULNERABILITY TITLE RISK
2024-01-30 CVE-2023-37571 Cross-site Scripting vulnerability in Softing TH Scope 3.5
Softing TH SCOPE through 3.70 allows XSS.
network
low complexity
softing CWE-79
6.1
2023-12-19 CVE-2023-38126 Path Traversal vulnerability in Softing Edgeaggregator 3.4.0
Softing edgeAggregator Restore Configuration Directory Traversal Remote Code Execution Vulnerability.
network
low complexity
softing CWE-22
7.2
2023-12-14 CVE-2023-41151 Improper Handling of Exceptional Conditions vulnerability in Softing OPC and OPC UA C++ Software Development KIT
An uncaught exception issue discovered in Softing OPC UA C++ SDK before 6.30 for Windows operating system may cause the application to crash when the server wants to send an error packet, while socket is blocked on writing.
network
low complexity
softing CWE-755
7.5
2023-12-05 CVE-2023-37572 Incorrect Default Permissions vulnerability in Softing OPC
Softing OPC Suite version 5.25 and before has Incorrect Access Control, allows attackers to obtain sensitive information via weak permissions in OSF_discovery service.
network
low complexity
softing CWE-276
7.5
2023-11-06 CVE-2022-48192 Cross-site Scripting vulnerability in Softing Smartlink Sw-Ht
Cross-site Scripting vulnerability in Softing smartLink SW-HT before 1.30, which allows an attacker to execute a dynamic script (JavaScript, VBScript) in the context of the application.
network
low complexity
softing CWE-79
6.1
2023-11-06 CVE-2022-48193 Inadequate Encryption Strength vulnerability in Softing Smartlink Sw-Ht
Weak ciphers in Softing smartLink SW-HT before 1.30 are enabled during secure communication (SSL).
network
low complexity
softing CWE-326
7.5
2023-01-26 CVE-2022-44018 NULL Pointer Dereference vulnerability in Softing Uatoolkit Embedded 1.31/1.40
In Softing uaToolkit Embedded before 1.40.1, a malformed PubSub discovery announcement message can cause a NULL pointer dereference or out-of-bounds memory access in the subscriber application.
network
low complexity
softing CWE-476
7.5
2023-01-26 CVE-2022-45920 Memory Leak vulnerability in Softing Uatoolkit Embedded 1.31/1.40
In Softing uaToolkit Embedded before 1.41, a malformed CreateMonitoredItems request may cause a memory leak.
network
low complexity
softing CWE-401
7.5
2022-10-20 CVE-2022-37453 Out-of-bounds Write vulnerability in Softing products
An issue was discovered in Softing OPC UA C++ SDK before 6.10.
network
low complexity
softing CWE-787
7.5
2022-10-20 CVE-2022-39823 Use After Free vulnerability in Softing OPC and OPC UA C++ Software Development KIT
An issue was discovered in Softing OPC UA C++ SDK 5.66 through 6.x before 6.10.
network
low complexity
softing CWE-416
7.5