Skip to main content

Opc

17 CVEs product

Monthly

CVE-2023-41151 HIGH This Week

An uncaught exception issue discovered in Softing OPC UA C++ SDK before 6.30 for Windows operating system may cause the application to crash when the server wants to send an error packet, while. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Opc Opc Ua C Software Development Kit Secure Integration Server
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-37572 HIGH This Week

Softing OPC Suite version 5.25 and before has Incorrect Access Control, allows attackers to obtain sensitive information via weak permissions in OSF_discovery service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Opc
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-39823 HIGH This Week

An issue was discovered in Softing OPC UA C++ SDK 5.66 through 6.x before 6.10. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Use After Free Opc Opc Ua C Software Development Kit
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-37453 HIGH This Week

An issue was discovered in Softing OPC UA C++ SDK before 6.10. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Edgeaggregator Edgeconnector Opc +3
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-2547 HIGH This Week

A crafted HTTP packet without a content-type header can create a denial-of-service condition in Softing Secure Integration Server V1.22. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Edgeaggregator Edgeconnector Opc +3
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-2338 MEDIUM This Month

Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in-the-middle attack. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Edgeaggregator Edgeconnector Opc Opc Ua C Software Development Kit +2
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2022-2337 HIGH This Week

A crafted HTTP packet with a missing HTTP URI can create a denial-of-service condition in Softing Secure Integration Server V1.22. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Edgeaggregator Edgeconnector Opc +3
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-2336 CRITICAL Act Now

Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with the default administrator credentials as `admin` and password as `admin`. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Edgeaggregator Edgeconnector Opc Opc Ua C Software Development Kit +2
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-2335 HIGH This Week

A crafted HTTP packet with a -1 content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure Edgeaggregator Edgeconnector Opc +3
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-2334 HIGH POC Act Now

The application searches for a library dll that is not found. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Edgeaggregator Edgeconnector Opc Opc Ua C Software Development Kit +2
NVD GitHub
CVSS 3.1
7.2
EPSS
9.5%
CVE-2022-1748 HIGH This Week

Softing OPC UA C++ Server SDK, Secure Integration Server, edgeConnector, edgeAggregator, OPC Suite, and uaGate are affected by a NULL pointer dereference vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Edgeaggregator Edgeconnector Opc +3
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-1373 HIGH POC THREAT Act Now

The “restore configuration” feature of Softing Secure Integration Server V1.22 is vulnerable to a directory traversal vulnerability when processing zip files. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Edgeaggregator Edgeconnector Opc Opc Ua C Software Development Kit +2
NVD GitHub
CVSS 3.1
7.2
EPSS
10.2%
CVE-2022-1069 HIGH This Week

A crafted HTTP packet with a large content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Edgeaggregator Edgeconnector Opc +3
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-40873 HIGH This Week

An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66, and uaToolkit Embedded before 1.40. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Datafeed Opc Suite Edgeconnector Opc Secure Integration Server +3
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-40871 HIGH This Week

An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Datafeed Opc Suite Opc Secure Integration Server +1
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-14524 CRITICAL Act Now

Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Opc
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-14522 HIGH This Week

Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to uncontrolled resource consumption, which may allow an attacker to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Opc
NVD
CVSS 3.1
7.5
EPSS
1.5%
EPSS 1% CVSS 7.5
HIGH This Week

An uncaught exception issue discovered in Softing OPC UA C++ SDK before 6.30 for Windows operating system may cause the application to crash when the server wants to send an error packet, while. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Opc +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Softing OPC Suite version 5.25 and before has Incorrect Access Control, allows attackers to obtain sensitive information via weak permissions in OSF_discovery service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Opc
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An issue was discovered in Softing OPC UA C++ SDK 5.66 through 6.x before 6.10. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Use After Free +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An issue was discovered in Softing OPC UA C++ SDK before 6.10. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Edgeaggregator +5
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A crafted HTTP packet without a content-type header can create a denial-of-service condition in Softing Secure Integration Server V1.22. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Edgeaggregator +5
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in-the-middle attack. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Edgeaggregator Edgeconnector +4
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A crafted HTTP packet with a missing HTTP URI can create a denial-of-service condition in Softing Secure Integration Server V1.22. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Edgeaggregator +5
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with the default administrator credentials as `admin` and password as `admin`. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Edgeaggregator Edgeconnector +4
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A crafted HTTP packet with a -1 content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure Edgeaggregator +5
NVD
EPSS 10% CVSS 7.2
HIGH POC Act Now

The application searches for a library dll that is not found. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Edgeaggregator Edgeconnector +4
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

Softing OPC UA C++ Server SDK, Secure Integration Server, edgeConnector, edgeAggregator, OPC Suite, and uaGate are affected by a NULL pointer dereference vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Edgeaggregator +5
NVD
EPSS 10% CVSS 7.2
HIGH POC THREAT Act Now

The “restore configuration” feature of Softing Secure Integration Server V1.22 is vulnerable to a directory traversal vulnerability when processing zip files. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Edgeaggregator Edgeconnector +4
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

A crafted HTTP packet with a large content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Edgeaggregator +5
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66, and uaToolkit Embedded before 1.40. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Datafeed Opc Suite Edgeconnector +5
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Datafeed Opc Suite +3
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to uncontrolled resource consumption, which may allow an attacker to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Opc
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy