CVE-2025-10685: HTTP POST with a specific higher Content-Length leads to heap corruption

A heap-based buffer overflow vulnerability in Softing Industrial Automation GmbH smartLink SW-PN and smartLink SW-HT (Webserver modules) allows an Overflow Buffers attack (CAPEC-100).

This issue affects:

smartLink SW-PN: through 1.03

smartLink SW-HT: through 1.42

Problem: CWE-122 Heap-based Buffer Overflow
Impact: CAPEC-100 Overflow Buffers

Product                                Affected        Unaffected
Softing smartLink SW-PN » Webserver    through 1.03    1.04
Softing smartLink SW-HT » Webserver    through 1.42    1.43

Default status for both products is unaffected.

CPE Applicability (based on the Affected products section)

    • cpe:2.3:a:softing:smartlink_sw-pn:*:*:*:*:*:*:*:* is vulnerable from (including) 0 and up to (including) 1.03
    • OR cpe:2.3:a:softing:smartlink_sw-pn:1.04:*:*:*:*:*:*:* is not vulnerable
  • or
    • cpe:2.3:a:softing:smartlink_sw-ht:*:*:*:*:*:*:*:* is vulnerable from (including) 0 and up to (including) 1.42
    • OR cpe:2.3:a:softing:smartlink_sw-ht:1.43:*:*:*:*:*:*:* is not vulnerable


Solution

Update the firmware to the fixed version:

smartLink SW-PN: to 1.04

smartLink SW-HT: to 1.43


Credits

Frank Renner

References
https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10685.html
https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10685.json