CVE-2025-10150 Webserver crash caused by scanning on TCP port 80

Webserver crash caused by scanning on TCP port 80 in Softing Industrial Automation GmbH gateways and switch.

This issue affects

smartLink HW-PN: from 1.02 through 1.03

smartLink HW-DP: 1.31

Problem:

CWE-833: Deadlock CWE-833

Impact:

CAPEC-25 Forced Deadlock CAPEC-25

Product Status:

ProductAffected
Softing Industrial Automation GmbH smartLink HW-PN

Default status is affected		from 1.02 through 1.03
Softing Industrial Automation GmbH smartLink HW-DP

Default status is unaffected		 through 1.31

CPE Applicability:

CPE Applicability (based on the Affected products section)

    • cpe:2.3:a:softing_industrial_automation_gmbh:smartlink_hw-pn:*:*:*:*:*:*:*:* is vulnerable from (including) 1.02 and up to (including) 1.03
  • or
    • cpe:2.3:a:softing_industrial_automation_gmbh:smartlink_hw-dp:*:*:*:*:*:*:*:* is vulnerable from (including) 0 and up to (including) 1.31


Solution:

This issue is fixed in

smartLink HW-PN: 1.04

smartLink HW-DP: 1.32

References

industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10150.html x_html
industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10150.json x_json