Industrial

Security Information

Vulnerabilities

What is a vulnerability?

A security vulnerability poses a threat to the security of a computer system. There is a risk that the vulnerability could be exploited and the affected computer system compromised. Vulnerabilities arise from, among other things, insufficient protection of a computer against attacks from the network (for example, lack of a firewall or other security software) and programming errors in the operating system, web browsers, or other software applications running on the system.

Reporting security issues

If you believe you have discovered a vulnerability in a Softing product or have a security incident to report, please get in touch with us.

Known vulnerabilities

| Description | Category | CVE | Date | Product | Fixed in Version |
| --- | --- | --- | --- | --- | --- |
| Endless recursion in XML Structures | Not yet calculated | CVE-2021-27432 | 17.02.2021 | OPC UA .NET Standard SDK | 2.80 |
| Privilege Elevation vulnerability | Medium | CVE-2020-29457 | 15.02.2021 | OPC UA .NET Standard SDK | 2.80 |
| HEAP-BASED BUFFER OVERFLOW | High | CVE-2020-14524 | 28.07.2020 | OPC Classic SDK | 4.47.1 |
| UNCONTROLLED RESOURCE CONSUMPTION | High | CVE-2020-14522 | 28.07.2020 | OPC Classic SDK | 4.47.1 |
| Servers do not create sufficiently random numbers | High | CVE-2019-19135 | 10.03.2020 | .NET Standard SDK | 2.40 |
| Servers do not create sufficiently random numbers | High | CVE-2019-19135 | 10.03.2020 | dataFEED C++ SDK | 5.62 |
| Authenticated remote code execution possible | High | CVE-2019-15051 | 10.10.2019 | uaGate SI, uaGate MB, uaGate840D, edgeGate | 1.72.00.1996 |
| Sudo privilege escalation | High | CVE-2019-11526 | 10.10.2019 | uaGate SI, uaGate MB, uaGate840D, edgeGate | 1.71.00.1225 |
| Another authenticated remote code execution | High | CVE-2019-11527 | 10.10.2019 | uaGate SI, uaGate MB, uaGate840D, edgeGate | 1.72.00.1996 |
| Default unix user permissions | High | CVE-2019-11528 | 10.10.2019 | uaGate SI, uaGate MB, uaGate840D, edgeGate | 1.71.00.1225 |

 

Softing recommends always using the latest software/firmware version. These are available under Support and Downloads or on the respective product page.

No representations are made as to the completeness or accuracy of the listing above. This information is provided without any guarantee or warranty of any kind, either explicit or tacit. We reserve the right to change or update the content of this website without notice at any time. The free update enables you to prevent or limit the consequences of damage resulting from security vulnerabilities. We cannot be held liable for any consequences arising from any omission in this regard. Security vulnerabilities cannot be removed in every case for products which have already reached their end-of-life cycle.

What does CVE mean?

It stands for Common Vulnerabilities and Exposures (CVE) and is an industry standard that aims to introduce a common naming convention for vulnerabilities and other security issues in computer systems. Where different companies and institutions name the same threat differently, those names are supplemented by a serial number (e.g. CVE-2006-3086) to ensure clear identification of the vulnerability. This enables a smooth exchange of information between the various databases of individual manufacturers.
