Vulnerabilities > Softing
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-11 | CVE-2021-42262 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Softing products An issue was discovered in Softing OPC UA C++ SDK before 5.70. | 6.5 |
2022-03-11 | CVE-2021-42577 | NULL Pointer Dereference vulnerability in Softing products An issue was discovered in Softing OPC UA C++ SDK before 5.70. | 7.5 |
2021-11-10 | CVE-2021-40871 | Type Confusion vulnerability in Softing products An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66. | 7.5 |
2021-11-10 | CVE-2021-40872 | Type Confusion vulnerability in Softing Smartlink Hw-Dp and Uatoolkit Embedded An issue was discovered in Softing Industrial Automation uaToolkit Embedded before 1.40. | 7.5 |
2021-11-10 | CVE-2021-40873 | Double Free vulnerability in Softing products An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66, and uaToolkit Embedded before 1.40. | 7.5 |
2021-04-02 | CVE-2021-29661 | Cross-site Scripting vulnerability in Softing OPC Toolbox 4.10.1.13035 Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diag_values.html Stored XSS via the ITEMLISTVALUES##ITEMID parameter, resulting in JavaScript payload injection into the trace file. | 5.4 |
2021-04-02 | CVE-2021-29660 | Cross-Site Request Forgery (CSRF) vulnerability in Softing OPC Toolbox 4.10.1.13035 A Cross-Site Request Forgery (CSRF) vulnerability in en/cfg_setpwd.html in Softing AG OPC Toolbox through 4.10.1.13035 allows attackers to reset the administrative password by inducing the Administrator user to browse a URL controlled by an attacker. | 8.8 |
2020-08-25 | CVE-2020-14524 | Out-of-bounds Write vulnerability in Softing OPC Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute arbitrary code. | 9.8 |
2020-08-25 | CVE-2020-14522 | Resource Exhaustion vulnerability in Softing OPC Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to uncontrolled resource consumption, which may allow an attacker to cause a denial-of-service condition. | 7.5 |
2019-10-10 | CVE-2019-15051 | Command Injection vulnerability in Softing products An issue was discovered in Softing uaGate (SI, MB, 840D) firmware through 1.71.00.1225. | 8.8 |