CVE-2023-7339 Data collection for downloading leads to buffer overflow

Stack-based buffer overflow vulnerability in Softing Industrial Automation GmbH gateways allows buffers to be overflowed.
This issue affects:
pnGate: through 1.30
epGate: through 1.30
mbGate: through 1.30
smartLink HW-DP: through 1.30
smartLink HW-PN: through 1.01.

Problem: CWE-121 Stack-based Buffer Overflow
Impact: CAPEC-100 Overflow Buffers

Product                   Affected        Unaffected
Softing pnGate            through 1.30    1.34
Softing epGate            through 1.30
Softing mbGate            through 1.30
Softing smartLink HW-DP   through 1.30    1.31
Softing smartLink HW-PN   through 1.01    1.02

Default status is unaffected for each product.

CPE Applicability (based on the Affected products section)

    • cpe:2.3:a:softing:pngate:*:*:*:*:*:*:*:* is vulnerable from (including) 0 and up to (including) 1.30
    • OR cpe:2.3:a:softing:pngate:1.34:*:*:*:*:*:*:* is not vulnerable
  • or
    • cpe:2.3:a:softing:epgate:*:*:*:*:*:*:*:* is vulnerable from (including) 0 and up to (including) 1.30
  • or
    • cpe:2.3:a:softing:mbgate:*:*:*:*:*:*:*:* is vulnerable from (including) 0 and up to (including) 1.30
  • or
    • cpe:2.3:a:softing:smartlink_hw-dp:*:*:*:*:*:*:*:* is vulnerable from (including) 0 and up to (including) 1.30
    • OR cpe:2.3:a:softing:smartlink_hw-dp:1.31:*:*:*:*:*:*:* is not vulnerable
  • or
    • cpe:2.3:a:softing:smartlink_hw-pn:*:*:*:*:*:*:*:* is vulnerable from (including) 0 and up to (including) 1.01
    • OR cpe:2.3:a:softing:smartlink_hw-pn:1.02:*:*:*:*:*:*:* is not vulnerable


Solution

pnGate: fixed with 1.34

smartLink HW-DP: fixed with 1.31
smartLink HW-PN: fixed with 1.02

References
industrial.softing.com/fileadmin/psirt/downloads/2023/CVE-2023-7339.html x_html
industrial.softing.com/fileadmin/psirt/downloads/2023/CVE-2023-7339.json x_json