CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-0860 – Cleartext Transmission of Sensitive Information in Softing edgeConnector and edgeAggregator
https://notcve.org/view.php?id=CVE-2024-0860
The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker to capture packets to craft their own requests. El producto afectado es vulnerable a una transmisión de texto plano de información confidencial, lo que puede permitir a un atacante capturar paquetes para manipular sus propias solicitudes. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Softing edgeConnector Siemens. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console, which listens on TCP port 8099 by default. HTTP traffic to this port contains unprotected credentials. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-13 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37571
https://notcve.org/view.php?id=CVE-2023-37571
Softing TH SCOPE through 3.70 allows XSS. Softing TH SCOPE hasta 3,70 permite XSS. • https://industrial.softing.com https://industrial.softing.com/fileadmin/psirt/downloads/2024/syt-2024-1.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-41151
https://notcve.org/view.php?id=CVE-2023-41151
An uncaught exception issue discovered in Softing OPC UA C++ SDK before 6.30 for Windows operating system may cause the application to crash when the server wants to send an error packet, while socket is blocked on writing. Un problema de excepción no detectado descubierto en Softing OPC UA C++ SDK anterior a 6.30 para el sistema operativo Windows puede causar que la aplicación falle cuando el servidor quiere enviar un paquete de error, mientras el socket está bloqueado al escribir. • https://industrial.softing.com/fileadmin/psirt/downloads/2023/syt-2023-3.html • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37572
https://notcve.org/view.php?id=CVE-2023-37572
Softing OPC Suite version 5.25 and before has Incorrect Access Control, allows attackers to obtain sensitive information via weak permissions in OSF_discovery service. The service executable could be changed or the service could be deleted. Softing OPC Suite versión 5.25 y anteriores tiene un control de acceso incorrecto, lo que permite a los atacantes obtener información confidencial a través de permisos débiles en el servicio OSF_discovery. • https://industrial.softing.com/fileadmin/psirt/downloads/2023/syt-2023-5.html • CWE-276: Incorrect Default Permissions •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2022-48192 – Cross-site scripting vulnerability in Softing smartLink SW-HT
https://notcve.org/view.php?id=CVE-2022-48192
Cross-site Scripting vulnerability in Softing smartLink SW-HT before 1.30, which allows an attacker to execute a dynamic script (JavaScript, VBScript) in the context of the application. Vulnerabilidad de Cross-Site Scripting (XSS) en Softing smartLink SW-HT anterior a la 1.30, que permite a un atacante ejecutar un script dinámico (JavaScript, VBScript) en el contexto de la aplicación. • https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-11.html https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-11.json • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •