Vulnerabilities > Softing

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2022-08-17 | CVE-2022-1373 | Path Traversal vulnerability in Softing products | The “restore configuration” feature of Softing Secure Integration Server V1.22 is vulnerable to a directory traversal vulnerability when processing zip files. | network, low complexity, softing CWE-22, 7.2 |
| 2022-04-04 | CVE-2021-32994 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Softing OPC UA C++ Software Development KIT | Softing OPC UA C++ SDK (Software Development Kit) versions from 5.59 to 5.64 exported library functions don't properly validate received extension objects, which may allow an attacker to crash the software by sending a variety of specially crafted packets to access several unexpected memory locations. | network, low complexity, softing CWE-119, 5.0 |
| 2022-03-11 | CVE-2021-42262 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Softing products | An issue was discovered in Softing OPC UA C++ SDK before 5.70. | network, low complexity, softing CWE-119, 4.0 |
| 2022-03-11 | CVE-2021-42577 | NULL Pointer Dereference vulnerability in Softing products | An issue was discovered in Softing OPC UA C++ SDK before 5.70. | network, low complexity, softing CWE-476, 5.0 |
| 2021-11-10 | CVE-2021-40871 | Type Confusion vulnerability in Softing products | An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66. | network, low complexity, softing CWE-843, 5.0 |
| 2021-11-10 | CVE-2021-40872 | Type Confusion vulnerability in Softing Smartlink Hw-Dp and Uatoolkit Embedded | An issue was discovered in Softing Industrial Automation uaToolkit Embedded before 1.40. | network, low complexity, softing CWE-843, 5.0 |
| 2021-11-10 | CVE-2021-40873 | Double Free vulnerability in Softing products | An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66, and uaToolkit Embedded before 1.40. | network, low complexity, softing CWE-415, 5.0 |
| 2021-04-02 | CVE-2021-29661 | Cross-site Scripting vulnerability in Softing OPC Toolbox | Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diag_values.html Stored XSS via the ITEMLISTVALUES##ITEMID parameter, resulting in JavaScript payload injection into the trace file. | network, softing CWE-79, 3.5 |
| 2021-04-02 | CVE-2021-29660 | Cross-Site Request Forgery (CSRF) vulnerability in Softing OPC Toolbox | A Cross-Site Request Forgery (CSRF) vulnerability in en/cfg_setpwd.html in Softing AG OPC Toolbox through 4.10.1.13035 allows attackers to reset the administrative password by inducing the Administrator user to browse a URL controlled by an attacker. | network, softing CWE-352, 6.8 |
| 2020-08-25 | CVE-2020-14524 | Out-of-bounds Write vulnerability in Softing OPC | Softing Industrial Automation, all versions prior to the latest build of version 4.47.0: the affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute arbitrary code. | network, low complexity, softing CWE-787, 7.5 |