Skip to main content

Opc CVE-2022-39823

HIGH
Use After Free (CWE-416)
2022-10-20 cve@mitre.org
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 20, 2022 - 21:15 nvd
HIGH 7.5

DescriptionNVD

An issue was discovered in Softing OPC UA C++ SDK 5.66 through 6.x before 6.10. An OPC/UA browse request exceeding the server limit on continuation points may cause a use-after-free error

AnalysisAI

An issue was discovered in Softing OPC UA C++ SDK 5.66 through 6.x before 6.10. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Use After Free (CWE-416), which allows attackers to access freed memory to execute arbitrary code or crash the application. An issue was discovered in Softing OPC UA C++ SDK 5.66 through 6.x before 6.10. An OPC/UA browse request exceeding the server limit on continuation points may cause a use-after-free error Affected products include: Softing Opc, Softing Opc Ua C\+\+ Software Development Kit. Version information: through 6..

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use smart pointers or garbage-collected languages. Set pointers to NULL after freeing. Enable memory sanitizers.

More in Opc

View all
CVE-2022-2334 HIGH POC
7.2 Aug 17

The application searches for a library dll that is not found. Rated high severity (CVSS 7.2), this vulnerability is remo

CVE-2022-1373 HIGH POC
7.2 Aug 17

The “restore configuration” feature of Softing Secure Integration Server V1.22 is vulnerable to a directory traversal vu

CVE-2022-2336 CRITICAL
9.8 Aug 17

Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with the default administrator crede

CVE-2020-14524 CRITICAL
9.8 Aug 25

Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerab

CVE-2023-41151 HIGH
7.5 Dec 14

An uncaught exception issue discovered in Softing OPC UA C++ SDK before 6.30 for Windows operating system may cause the

CVE-2023-37572 HIGH
7.5 Dec 05

Softing OPC Suite version 5.25 and before has Incorrect Access Control, allows attackers to obtain sensitive information

CVE-2022-37453 HIGH
7.5 Oct 20

An issue was discovered in Softing OPC UA C++ SDK before 6.10. Rated high severity (CVSS 7.5), this vulnerability is rem

CVE-2022-2547 HIGH
7.5 Aug 17

A crafted HTTP packet without a content-type header can create a denial-of-service condition in Softing Secure Integrati

CVE-2022-2337 HIGH
7.5 Aug 17

A crafted HTTP packet with a missing HTTP URI can create a denial-of-service condition in Softing Secure Integration Ser

CVE-2022-2335 HIGH
7.5 Aug 17

A crafted HTTP packet with a -1 content-length header can create a denial-of-service condition in Softing Secure Integra

CVE-2022-1748 HIGH
7.5 Aug 17

Softing OPC UA C++ Server SDK, Secure Integration Server, edgeConnector, edgeAggregator, OPC Suite, and uaGate are affec

CVE-2022-1069 HIGH
7.5 Aug 17

A crafted HTTP packet with a large content-length header can create a denial-of-service condition in Softing Secure Inte

Share

CVE-2022-39823 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy