Vulnerabilities > Softing > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-30 | CVE-2023-37571 | Cross-site Scripting vulnerability in Softing TH Scope 3.5 Softing TH SCOPE through 3.70 allows XSS. | 6.1 |
| 2023-11-06 | CVE-2022-48192 | Cross-site Scripting vulnerability in Softing Smartlink Sw-Ht Cross-site Scripting vulnerability in Softing smartLink SW-HT before 1.30, which allows an attacker to execute a dynamic script (JavaScript, VBScript) in the context of the application. | 6.1 |
| 2022-04-04 | CVE-2021-32994 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Softing OPC UA C++ Software Development KIT Softing OPC UA C++ SDK (Software Development Kit) versions from 5.59 to 5.64 exported library functions don't properly validate received extension objects, which may allow an attacker to crash the software by sending a variety of specially crafted packets to access several unexpected memory locations. | 5.0 |
| 2022-03-11 | CVE-2021-42262 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Softing products An issue was discovered in Softing OPC UA C++ SDK before 5.70. | 4.0 |
| 2022-03-11 | CVE-2021-42577 | NULL Pointer Dereference vulnerability in Softing products An issue was discovered in Softing OPC UA C++ SDK before 5.70. | 5.0 |
| 2021-11-10 | CVE-2021-40871 | Type Confusion vulnerability in Softing products An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66. | 5.0 |
| 2021-11-10 | CVE-2021-40872 | Type Confusion vulnerability in Softing Smartlink Hw-Dp and Uatoolkit Embedded An issue was discovered in Softing Industrial Automation uaToolkit Embedded before 1.40. | 5.0 |
| 2021-11-10 | CVE-2021-40873 | Double Free vulnerability in Softing products An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66, and uaToolkit Embedded before 1.40. | 5.0 |
| 2021-04-02 | CVE-2021-29660 | Cross-Site Request Forgery (CSRF) vulnerability in Softing OPC Toolbox A Cross-Site Request Forgery (CSRF) vulnerability in en/cfg_setpwd.html in Softing AG OPC Toolbox through 4.10.1.13035 allows attackers to reset the administrative password by inducing the Administrator user to browse a URL controlled by an attacker. | 6.8 |
| 2020-08-25 | CVE-2020-14522 | Resource Exhaustion vulnerability in Softing OPC Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to uncontrolled resource consumption, which may allow an attacker to cause a denial-of-service condition. | 5.0 |