CVSS · MEDIUM · 6.8⁄10 · CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/AU:Y/R:A/RE:L/U:Red
Scoring scenario: GENERAL
attackVector: NETWORK
attackComplexity: LOW
attackRequirements: PRESENT
privilegesRequired: HIGH
userInteraction: ACTIVE
vulnConfidentialityImpact: NONE
subConfidentialityImpact: NONE
vulnIntegrityImpact: NONE
subIntegrityImpact: NONE
vulnAvailabilityImpact: HIGH
subAvailabilityImpact: HIGH
exploitMaturity: NOT_DEFINED
Safety: NOT_DEFINED
Automatable: YES
Recovery: AUTOMATIC
valueDensity: NOT_DEFINED
vulnerabilityResponseEffort: LOW
providerUrgency: RED
CVE-2025-13406 Scanning for higher HART revision device leads into NULL pointer dereference in live list

NULL Pointer Dereference vulnerability in Softing Industrial Automation GmbH smartLink SW-HT (Webserver modules) allows HTTP DoS.

This issue affects smartLink SW-HT: 1.43.

Problem: CWE-476 NULL Pointer Dereference CWE-476
Impact: CAPEC-469 HTTP DoS CAPEC-469
ProductAffectedUnaffected
Softing smartLink SW-HT » Webserver

Default status is unaffected		1.43
1.43.1

CPE Applicability:

CPE Applicability (based on the Affected products section)

    • cpe:2.3:a:softing:smartlink_sw-ht:1.43:*:*:*:*:*:*:* is vulnerable
    • OR cpe:2.3:a:softing:smartlink_sw-ht:1.43.1:*:*:*:*:*:*:* is not vulnerable


Solution

Update smartLink SW-HT to patch V1.43.1 firmware.


References
https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-13406.html
https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-13406.json