Softing Secure Integration Server — known CVE vulnerabilities
Every CVE whose affected-product data names Softing Secure Integration Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (24)
CVE-2022-2336 — CVSS 9.8 (critical): Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with the default administrator credentials as `admin`…
CVE-2023-38125 — CVSS 8.8 (high): Softing edgeAggregator Permissive Cross-domain Policy with Untrusted Domains Remote Code Execution Vulnerability. This vulnerability allows…
CVE-2023-39478 — CVSS 8.8 (high): Softing Secure Integration Server Exposure of Resource to Wrong Sphere Remote Code Execution Vulnerability. This vulnerability allows…
CVE-2023-39479 — CVSS 8.8 (high): Softing Secure Integration Server OPC UA Gateway Directory Creation Vulnerability. This vulnerability allows remote attackers to create…
CVE-2023-39481 — CVSS 8.8 (high): Softing Secure Integration Server Interpretation Conflict Remote Code Execution Vulnerability. This vulnerability allows remote attackers…
CVE-2022-2337 — CVSS 7.5 (high): A crafted HTTP packet with a missing HTTP URI can create a denial-of-service condition in Softing Secure Integration Server V1.22.
CVE-2022-2547 — CVSS 7.5 (high): A crafted HTTP packet without a content-type header can create a denial-of-service condition in Softing Secure Integration Server V1.22.
CVE-2022-37453 — CVSS 7.5 (high): An issue was discovered in Softing OPC UA C++ SDK before 6.10. A buffer overflow or an excess allocation happens due to unchecked array and…
CVE-2023-27336 — CVSS 7.5 (high): Softing edgeConnector Siemens OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability. This vulnerability allows remote…
CVE-2023-41151 — CVSS 7.5 (high): An uncaught exception issue discovered in Softing OPC UA C++ SDK before 6.30 for Windows operating system may cause the application to…
CVE-2021-40873 — CVSS 7.5 (high): An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66, and uaToolkit Embedded before 1.40. Remote attackers…
CVE-2021-42577 — CVSS 7.5 (high): An issue was discovered in Softing OPC UA C++ SDK before 5.70. A malformed OPC/UA message abort packet makes the client crash with a NULL…
CVE-2022-1069 — CVSS 7.5 (high): A crafted HTTP packet with a large content-length header can create a denial-of-service condition in Softing Secure Integration Server…
CVE-2022-1748 — CVSS 7.5 (high): Softing OPC UA C++ Server SDK, Secure Integration Server, edgeConnector, edgeAggregator, OPC Suite, and uaGate are affected by a NULL…
CVE-2022-2335 — CVSS 7.5 (high): A crafted HTTP packet with a -1 content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22.
CVE-2021-40871 — CVSS 7.5 (high): An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66. Remote attackers to cause a denial of service (DoS) by…
CVE-2022-2334 — CVSS 7.2 (high): The application searches for a library dll that is not found. If an attacker can place a dll with this name, then the attacker can leverage…
CVE-2022-1373 — CVSS 7.2 (high): The “restore configuration” feature of Softing Secure Integration Server V1.22 is vulnerable to a directory traversal vulnerability…
CVE-2023-39480 — CVSS 6.5 (medium): Softing Secure Integration Server FileDirectory OPC UA Object Arbitrary File Creation Vulnerability. This vulnerability allows remote…
CVE-2021-42262 — CVSS 6.5 (medium): An issue was discovered in Softing OPC UA C++ SDK before 5.70. An invalid XML element in the type dictionary makes the OPC/UA client crash…
CVE-2023-39482 — CVSS 6.5 (medium): Softing Secure Integration Server Hardcoded Cryptographic Key Information Disclosure Vulnerability. This vulnerability allows remote…
CVE-2022-2338 — CVSS 5.7 (medium): Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in-the-middle attack. The default the…