Filtered by vendor Softing
Total
44 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-40871 | 1 Softing | 4 Datafeed Opc Suite, Opc, Secure Integration Server and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66. Remote attackers can cause a denial of service (DoS) by sending crafted messages to an OPC/UA client. The client process may crash unexpectedly because of a wrong type cast, and must be restarted. | | | | | |
| CVE-2021-32994 | 1 Softing | 1 Opc Ua C++ Software Development Kit | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Softing OPC UA C++ SDK (Software Development Kit) versions from 5.59 to 5.64, exported library functions don't properly validate received extension objects, which may allow an attacker to crash the software by sending a variety of specially crafted packets to access several unexpected memory locations. | | | | | |
| CVE-2021-29661 | 1 Softing | 1 Opc Toolbox | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diag_values.html Stored XSS via the ITEMLISTVALUES##ITEMID parameter, resulting in JavaScript payload injection into the trace file. This payload will then be triggered every time an authenticated user browses the page containing it. | | | | | |
| CVE-2021-29660 | 1 Softing | 1 Opc Toolbox | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross-Site Request Forgery (CSRF) vulnerability in en/cfg_setpwd.html in Softing AG OPC Toolbox through 4.10.1.13035 allows attackers to reset the administrative password by inducing the Administrator user to browse a URL controlled by an attacker. | | | | | |
