CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-41151
https://notcve.org/view.php?id=CVE-2023-41151
An uncaught exception issue discovered in Softing OPC UA C++ SDK before 6.30 for Windows operating system may cause the application to crash when the server wants to send an error packet, while socket is blocked on writing. Un problema de excepción no detectado descubierto en Softing OPC UA C++ SDK anterior a 6.30 para el sistema operativo Windows puede causar que la aplicación falle cuando el servidor quiere enviar un paquete de error, mientras el socket está bloqueado al escribir. • https://industrial.softing.com/fileadmin/psirt/downloads/2023/syt-2023-3.html • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-37453
https://notcve.org/view.php?id=CVE-2022-37453
An issue was discovered in Softing OPC UA C++ SDK before 6.10. A buffer overflow or an excess allocation happens due to unchecked array and matrix bounds in structure data types. Se ha detectado un problema en Softing OPC UA C++ SDK versiones anteriores a 6.10. Es producido un desbordamiento del búfer o un exceso de asignación debido a los límites de matrices y arrays no comprobados en los tipos de datos de estructuras • https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-9.html https://softing.com • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2337 – Softing Secure Integration Server NULL Pointer Dereference
https://notcve.org/view.php?id=CVE-2022-2337
A crafted HTTP packet with a missing HTTP URI can create a denial-of-service condition in Softing Secure Integration Server V1.22. Un paquete HTTP diseñado con un URI HTTP faltante puede crear una condición de denegación de servicio en Softing Secure Integration Server versión V1.22. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing Secure Integration Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the URI HTTP header. The issue results from dereferencing a null pointer. • https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-4.html https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-1069 – Softing Secure Integration Server Out-of-bounds Read
https://notcve.org/view.php?id=CVE-2022-1069
A crafted HTTP packet with a large content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22. Un paquete HTTP diseñado con un encabezado de gran longitud de contenido puede crear una condición de denegación de servicio en Softing Secure Integration Server versión V1.22. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing Secure Integration Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the Content-Length HTTP header. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. • https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-4.html https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04 • CWE-125: Out-of-bounds Read •
CVSS: 5.7EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2338 – Softing Secure Integration Server Cleartext Transmission of Sensitive Information
https://notcve.org/view.php?id=CVE-2022-2338
Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in-the-middle attack. The default the administration interface is accessible via plaintext HTTP protocol, facilitating the attack. The HTTP request may contain the session cookie in the request, which may be captured for use in authenticating to the server. Softing Secure Integration Server versión V1.22, es vulnerable a una omisión de la autenticación por medio de un ataque de tipo "machine-in-the-middle". Por defecto, la interfaz de administración es accesible por medio del protocolo HTTP en texto plano, lo que facilita el ataque. • https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04 • CWE-319: Cleartext Transmission of Sensitive Information •