softing 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は vendor risk cross-site scripting、パス処理の欠陥, and バッファオーバーフロー に関連することが多く、vendor surface production workloads and vendor surface software deployment の文脈で アプリケーションクラッシュ and vendor impact session compromise などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2023-39482 | Softing Secure Integration Server Hardcoded Cryptographic Key Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within libopcuaclient.so. The issue results from hardcoding crytographic keys within the product. An attacker c | [email protected] | 6.5 | 0.17% | 2024-05-03 | 2025-08-12 |
| CVE-2023-39481 | Softing Secure Integration Server Interpretation Conflict Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the web server. The issue results from an inconsistency in URI parsing between NGINX and application code. An attacke | [email protected] | 8.8 | 0.26% | 2024-05-03 | 2025-08-12 |
| CVE-2023-39480 | Softing Secure Integration Server FileDirectory OPC UA Object Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of FileDirectory OPC UA Objects. The issue results from allowing unauthorized access to the filesy | [email protected] | 6.5 | 0.26% | 2024-05-03 | 2025-08-12 |
| CVE-2023-39479 | Softing Secure Integration Server OPC UA Gateway Directory Creation Vulnerability. This vulnerability allows remote attackers to create directories on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of FileDirectory OPC UA Objects. The issue results from allowing unauthorized access to the filesystem. An attacker can | [email protected] | 8.8 | 0.57% | 2024-05-03 | 2025-08-12 |
| CVE-2023-39478 | Softing Secure Integration Server Exposure of Resource to Wrong Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of OPC FileDirectory namespaces. The issue results from the lack of proper validation of us | [email protected] | 8.8 | 0.31% | 2024-05-03 | 2025-08-12 |
| CVE-2023-38125 | Softing edgeAggregator Permissive Cross-domain Policy with Untrusted Domains Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of the web server. The issue results from the lack of appropriate Content Security Policy headers. An attacker can leverage this in conjunction with other | [email protected] | 8.8 | 0.66% | 2024-05-03 | 2025-08-12 |
| CVE-2023-27336 | Softing edgeConnector Siemens OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing edgeConnector Siemens. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OPC client certificates. The issue results from dereferencing a NULL pointer. An attacker can leverage this vulnerability to create a denial-of- | [email protected] | 7.5 | 0.29% | 2024-05-03 | 2025-08-13 |
| CVE-2023-27335 | Softing edgeAggregator Client Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the input parameters provided to the edgeAggregetor client. The issue results from the lack of proper validat | [email protected] | 9.6 | 0.55% | 2024-05-03 | 2025-08-13 |
| CVE-2023-27334 | Softing edgeConnector Siemens ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing edgeConnector Siemens. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacke | [email protected] | 7.5 | 0.59% | 2024-05-03 | 2025-08-13 |
| CVE-2024-0860 | The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker to capture packets to craft their own requests. | [email protected] | 8.0 | 0.03% | 2024-03-14 | 2025-01-23 |
| CVE-2023-37571 | Softing TH SCOPE through 3.70 allows XSS. | [email protected] | 6.1 | 0.32% | 2024-01-30 | 2025-06-20 |
| CVE-2023-38126 | Softing edgeAggregator Restore Configuration Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of backup zip files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this to e | [email protected] | 7.2 | 6.48% | 2023-12-19 | 2024-11-21 |
| CVE-2023-41151 | An uncaught exception issue discovered in Softing OPC UA C++ SDK before 6.30 for Windows operating system may cause the application to crash when the server wants to send an error packet, while socket is blocked on writing. | [email protected] | 7.5 | 0.45% | 2023-12-14 | 2025-05-22 |
| CVE-2023-37572 | Softing OPC Suite version 5.25 and before has Incorrect Access Control, allows attackers to obtain sensitive information via weak permissions in OSF_discovery service. The service executable could be changed or the service could be deleted. | [email protected] | 7.5 | 0.17% | 2023-12-05 | 2024-11-21 |
| CVE-2022-48193 | Weak ciphers in Softing smartLink SW-HT before 1.30 are enabled during secure communication (SSL). | [email protected] | 5.9 | 0.04% | 2023-11-06 | 2024-11-21 |
| CVE-2022-48192 | Cross-site Scripting vulnerability in Softing smartLink SW-HT before 1.30, which allows an attacker to execute a dynamic script (JavaScript, VBScript) in the context of the application. | [email protected] | 7.2 | 0.07% | 2023-11-06 | 2024-11-21 |
| CVE-2022-45920 | In Softing uaToolkit Embedded before 1.41, a malformed CreateMonitoredItems request may cause a memory leak. | [email protected] | 7.5 | 0.39% | 2023-01-26 | 2025-04-01 |
| CVE-2022-44018 | In Softing uaToolkit Embedded before 1.40.1, a malformed PubSub discovery announcement message can cause a NULL pointer dereference or out-of-bounds memory access in the subscriber application. | [email protected] | 7.5 | 0.39% | 2023-01-26 | 2025-04-01 |
| CVE-2022-39823 | An issue was discovered in Softing OPC UA C++ SDK 5.66 through 6.x before 6.10. An OPC/UA browse request exceeding the server limit on continuation points may cause a use-after-free error | [email protected] | 7.5 | 0.49% | 2022-10-20 | 2025-05-08 |
| CVE-2022-37453 | An issue was discovered in Softing OPC UA C++ SDK before 6.10. A buffer overflow or an excess allocation happens due to unchecked array and matrix bounds in structure data types. | [email protected] | 7.5 | 0.51% | 2022-10-20 | 2025-05-08 |