Vulnerabilities > Softing
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-08-17 | CVE-2022-1373 | Path Traversal vulnerability in Softing products | The “restore configuration” feature of Softing Secure Integration Server V1.22 is vulnerable to a directory traversal vulnerability when processing zip files. | 7.2 |
2022-04-04 | CVE-2021-32994 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Softing OPC UA C++ Software Development Kit | In Softing OPC UA C++ SDK (Software Development Kit) versions from 5.59 to 5.64, exported library functions don't properly validate received extension objects, which may allow an attacker to crash the software by sending a variety of specially crafted packets to access several unexpected memory locations. | 5.0 |
2022-03-11 | CVE-2021-42262 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Softing products | An issue was discovered in Softing OPC UA C++ SDK before 5.70. | 4.0 |
2022-03-11 | CVE-2021-42577 | NULL Pointer Dereference vulnerability in Softing products | An issue was discovered in Softing OPC UA C++ SDK before 5.70. | 5.0 |
2021-11-10 | CVE-2021-40871 | Type Confusion vulnerability in Softing products | An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66. | 5.0 |
2021-11-10 | CVE-2021-40872 | Type Confusion vulnerability in Softing Smartlink Hw-Dp and Uatoolkit Embedded | An issue was discovered in Softing Industrial Automation uaToolkit Embedded before 1.40. | 5.0 |
2021-11-10 | CVE-2021-40873 | Double Free vulnerability in Softing products | An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66, and uaToolkit Embedded before 1.40. | 5.0 |
2021-04-02 | CVE-2021-29661 | Cross-site Scripting vulnerability in Softing OPC Toolbox | Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diag_values.html Stored XSS via the ITEMLISTVALUES##ITEMID parameter, resulting in JavaScript payload injection into the trace file. | 3.5 |
2021-04-02 | CVE-2021-29660 | Cross-Site Request Forgery (CSRF) vulnerability in Softing OPC Toolbox | A Cross-Site Request Forgery (CSRF) vulnerability in en/cfg_setpwd.html in Softing AG OPC Toolbox through 4.10.1.13035 allows attackers to reset the administrative password by inducing the Administrator user to browse a URL controlled by an attacker. | 6.8 |
2020-08-25 | CVE-2020-14524 | Out-of-bounds Write vulnerability in Softing OPC | Softing Industrial Automation, all versions prior to the latest build of version 4.47.0: the affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute arbitrary code. | 7.5 |