Vulnerabilities > Softing

DATE CVE VULNERABILITY TITLE RISK
2022-08-17 CVE-2022-1069 Out-of-bounds Read vulnerability in Softing products
A crafted HTTP packet with a large content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22.
network
low complexity
softing CWE-125
7.5
2022-08-17 CVE-2022-1373 Path Traversal vulnerability in Softing products
The “restore configuration” feature of Softing Secure Integration Server V1.22 is vulnerable to a directory traversal vulnerability when processing zip files.
network
low complexity
softing CWE-22
7.2
2022-08-17 CVE-2022-1748 NULL Pointer Dereference vulnerability in Softing products
Softing OPC UA C++ Server SDK, Secure Integration Server, edgeConnector, edgeAggregator, OPC Suite, and uaGate are affected by a NULL pointer dereference vulnerability.
network
low complexity
softing CWE-476
7.5
2022-08-17 CVE-2022-2334 Uncontrolled Search Path Element vulnerability in Softing products
The application searches for a library dll that is not found.
network
low complexity
softing CWE-427
7.2
2022-08-17 CVE-2022-2335 Integer Underflow (Wrap or Wraparound) vulnerability in Softing products
A crafted HTTP packet with a -1 content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22.
network
low complexity
softing CWE-191
7.5
2022-08-17 CVE-2022-2336 Improper Authentication vulnerability in Softing products
Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with the default administrator credentials as `admin` and password as `admin`.
network
low complexity
softing CWE-287
critical
9.8
2022-08-17 CVE-2022-2337 NULL Pointer Dereference vulnerability in Softing products
A crafted HTTP packet with a missing HTTP URI can create a denial-of-service condition in Softing Secure Integration Server V1.22.
network
low complexity
softing CWE-476
7.5
2022-08-17 CVE-2022-2338 Cleartext Transmission of Sensitive Information vulnerability in Softing products
Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in-the-middle attack.
high complexity
softing CWE-319
5.3
2022-08-17 CVE-2022-2547 NULL Pointer Dereference vulnerability in Softing products
A crafted HTTP packet without a content-type header can create a denial-of-service condition in Softing Secure Integration Server V1.22.
network
low complexity
softing CWE-476
7.5
2022-04-04 CVE-2021-32994 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Softing OPC UA C++ Software Development KIT
Softing OPC UA C++ SDK (Software Development Kit) versions from 5.59 to 5.64 exported library functions don't properly validate received extension objects, which may allow an attacker to crash the software by sending a variety of specially crafted packets to access several unexpected memory locations.
network
low complexity
softing CWE-119
7.5