Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Opc
(Softing)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 17 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-10-20 | CVE-2022-37453 | An issue was discovered in Softing OPC UA C++ SDK before 6.10. A buffer overflow or an excess allocation happens due to unchecked array and matrix bounds in structure data types. | Edgeaggregator, Edgeconnector, Opc, Opc_ua_c\+\+_software_development_kit, Secure_integration_server, Uagates | 7.5 | ||
| 2022-10-20 | CVE-2022-39823 | An issue was discovered in Softing OPC UA C++ SDK 5.66 through 6.x before 6.10. An OPC/UA browse request exceeding the server limit on continuation points may cause a use-after-free error | Opc, Opc_ua_c\+\+_software_development_kit | 7.5 | ||
| 2020-08-25 | CVE-2020-14524 | Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute arbitrary code. | Opc | 9.8 | ||
| 2020-08-25 | CVE-2020-14522 | Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to uncontrolled resource consumption, which may allow an attacker to cause a denial-of-service condition. | Opc | 7.5 | ||
| 2021-11-10 | CVE-2021-40871 | An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66. Remote attackers to cause a denial of service (DoS) by sending crafted messages to a OPC/UA client. The client process may crash unexpectedly because of a wrong type cast, and must be restarted. | Datafeed_opc_suite, Opc, Secure_integration_server, Th_scope | 7.5 | ||
| 2021-11-10 | CVE-2021-40873 | An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66, and uaToolkit Embedded before 1.40. Remote attackers to cause a denial of service (DoS) by sending crafted messages to a client or server. The server process may crash unexpectedly because of a double free, and must be restarted. | Datafeed_opc_suite, Edgeconnector, Opc, Secure_integration_server, Th_scope, Uagates, Uatoolkit_embedded | 7.5 | ||
| 2022-08-17 | CVE-2022-1373 | The “restore configuration” feature of Softing Secure Integration Server V1.22 is vulnerable to a directory traversal vulnerability when processing zip files. An attacker can craft a zip file to load an arbitrary dll and execute code. Using the "restore configuration" feature to upload a zip file containing a path traversal file may cause a file to be created and executed upon touching the disk. | Edgeaggregator, Edgeconnector, Opc, Opc_ua_c\+\+_software_development_kit, Secure_integration_server, Uagates | 7.2 | ||
| 2022-08-17 | CVE-2022-1069 | A crafted HTTP packet with a large content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22. | Edgeaggregator, Edgeconnector, Opc, Opc_ua_c\+\+_software_development_kit, Secure_integration_server, Uagates | 7.5 | ||
| 2022-08-17 | CVE-2022-2547 | A crafted HTTP packet without a content-type header can create a denial-of-service condition in Softing Secure Integration Server V1.22. | Edgeaggregator, Edgeconnector, Opc, Opc_ua_c\+\+_software_development_kit, Secure_integration_server, Uagates | 7.5 | ||
| 2022-08-17 | CVE-2022-2335 | A crafted HTTP packet with a -1 content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22. | Edgeaggregator, Edgeconnector, Opc, Opc_ua_c\+\+_software_development_kit, Secure_integration_server, Uagates | 7.5 |