CVE-2024-14028 Multiple implicit reads in parallel can result in a crash or denial of service

Use after free vulnerability in Softing smartLink HW-DP or smartLink HW-PN webserver allows HTTP DoS.
This issue affects:
smartLink HW-DP: through 1.31
smartLink HW-PN: before 1.02.

Problem: CWE-416 Use after free
Impact: CAPEC-469 HTTP DoS

Product: Softing smartLink HW-DP » webserver (default status is unaffected)
  Affected: through 1.31
  Unaffected: 1.32

Product: Softing smartLink HW-PN » webserver (default status is unaffected)
  Affected: before 1.02
  Unaffected: 1.02

CPE Applicability (based on the Affected products section)

    • cpe:2.3:a:softing:smartlink_hw-dp:*:*:*:*:*:*:*:* is vulnerable from (including) 0 and up to (including) 1.31
    • OR cpe:2.3:a:softing:smartlink_hw-dp:1.32:*:*:*:*:*:*:* is not vulnerable
  • or
    • cpe:2.3:a:softing:smartlink_hw-pn:*:*:*:*:*:*:*:* is vulnerable from (including) 0 and up to (excluding) 1.02
    • OR cpe:2.3:a:softing:smartlink_hw-pn:1.02:*:*:*:*:*:*:* is not vulnerable


Solution

Update the firmware:
smartLink HW-DP: to 1.32
smartLink HW-PN: to 1.02

References
industrial.softing.com/fileadmin/psirt/downloads/2024/CVE-2024-14028.html
industrial.softing.com/fileadmin/psirt/downloads/2024/CVE-2024-14028.json