Vulnerabilities > Softing

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2022-03-11 | CVE-2021-42262 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Softing products | An issue was discovered in Softing OPC UA C++ SDK before 5.70. | network | low complexity | softing | CWE-119 | 6.5 |
| 2022-03-11 | CVE-2021-42577 | NULL Pointer Dereference vulnerability in Softing products | An issue was discovered in Softing OPC UA C++ SDK before 5.70. | network | low complexity | softing | CWE-476 | 7.5 |
| 2021-11-10 | CVE-2021-40871 | Type Confusion vulnerability in Softing products | An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66. | network | low complexity | softing | CWE-843 | 7.5 |
| 2021-11-10 | CVE-2021-40872 | Type Confusion vulnerability in Softing Smartlink Hw-Dp and Uatoolkit Embedded | An issue was discovered in Softing Industrial Automation uaToolkit Embedded before 1.40. | network | low complexity | softing | CWE-843 | 7.5 |
| 2021-11-10 | CVE-2021-40873 | Double Free vulnerability in Softing products | An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66, and uaToolkit Embedded before 1.40. | network | low complexity | softing | CWE-415 | 7.5 |
| 2021-04-02 | CVE-2021-29661 | Cross-site Scripting vulnerability in Softing OPC Toolbox 4.10.1.13035 | Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diag_values.html Stored XSS via the ITEMLISTVALUES##ITEMID parameter, resulting in JavaScript payload injection into the trace file. | network | low complexity | softing | CWE-79 | 5.4 |
| 2021-04-02 | CVE-2021-29660 | Cross-Site Request Forgery (CSRF) vulnerability in Softing OPC Toolbox 4.10.1.13035 | A Cross-Site Request Forgery (CSRF) vulnerability in en/cfg_setpwd.html in Softing AG OPC Toolbox through 4.10.1.13035 allows attackers to reset the administrative password by inducing the Administrator user to browse a URL controlled by an attacker. | network | low complexity | softing | CWE-352 | 8.8 |
| 2020-08-25 | CVE-2020-14524 | Out-of-bounds Write vulnerability in Softing OPC | Softing Industrial Automation, all versions prior to the latest build of version 4.47.0: the affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute arbitrary code. | network | low complexity | softing | CWE-787 | 9.8 (critical) |
| 2020-08-25 | CVE-2020-14522 | Resource Exhaustion vulnerability in Softing OPC | Softing Industrial Automation, all versions prior to the latest build of version 4.47.0: the affected product is vulnerable to uncontrolled resource consumption, which may allow an attacker to cause a denial-of-service condition. | network | low complexity | softing | CWE-400 | 7.5 |
| 2019-10-10 | CVE-2019-15051 | Command Injection vulnerability in Softing products | An issue was discovered in Softing uaGate (SI, MB, 840D) firmware through 1.71.00.1225. | network | low complexity | softing | CWE-77 | 8.8 |