Security Information
Vulnerabilities
What is a vulnerability?
A security vulnerability poses a threat to the security of a computer system. There is a risk that the vulnerability could be exploited, and the affected computer system compromised. Vulnerabilities arise from, among other things, insufficient protection of a computer from attacks from the network (for example, lack of a firewall or other security software), programming errors in the operating system, web browsers, or other software applications running on the system.
Reporting security issues
If you believe you have discovered a vulnerability in a Softing product or have a security incident to report please get in touch with us security.sia[at]softing[dot]com.
Known vulnerabilities
| Description | Category | CVE | Date | Product | Fixed in Version |
| Endless recursion in XML Structures | Not yet calcualted | CVE: 2021-27432 | 17.02.2021 | OPC UA .NET Standard SDK | 2.80 |
| Privilege Elevation vulnerability | medium | CVE: 2020-29457 | 15.02.2021 | OPC UA .NET Standard SDK | 2.80 |
| HEAP-BASED BUFFER OVERFLOW | High | CVE-2020-14524 | 28.07.2020 | OPC Classic SDK | 4.47.1 |
| UNCONTROLLED RESOURCE CONSUMPTION | High | CVE-2020-14522 | 28.07.2020 | OPC Classic SDK | 4.47.1 |
| Servers do not create sufficiently random numbers | High | CVE-2019-19135 | 10.03.2020 | .NET Standard SDK | 2.40 |
| Servers do not create sufficiently random numbers | High | CVE-2019-19135 | 10.03.2020 | dataFEED C++ SDK | 5.62 |
| Authenticated remote code execution possible | High | CVE-2019-15051 | 10.10.2019 | uaGate SI uaGate MB uaGate840D edgeGate | 1.72.00.1996 |
| Sudo privilege escalation | High | CVE-2019-11526 | 10.10.2019 | uaGate SI uaGate MB uaGate840D edgeGate | 1.71.00.1225 |
| Another authenticated remote code execution | High | CVE-2019-11527 | 10.10.2019 | uaGate SI uaGate MB uaGate840D edgeGate | 1.72.00.1996 |
| Default unix user permissons | High | CVE-2019-11528 | 10.10.2019 | uaGate SI uaGate MB uaGate840D edgeGate | 1.71.00.1225 |
Softing recommends always using the latest software/firmware version. These are in the Support and Downloads or the respective product page.
No representations are made as to the completeness or accuracy of the listing above. This information is provided without any guarantee or warranty of any kind, either explicit or tacit. We reserve the right to change or update the content of this website without notice at any time. The free update enables you to prevent or limit the consequences of damage resulting from security vulnerabilities. We cannot be held liable for any consequences arising from any omission in this regard. Security vulnerabilities cannot be removed in every case for products which have already reached their end-of-life cycle.
What does CVE mean?
It stands for Common Vulnerabilities and Exposures (CVE) and is an industry standard that aims to introduce a common naming convention for vulnerabilities and other security issues in computer systems. Multiple naming of the same threats by different companies and institutions is supplemented by a serial number (e.g. CVE-2006- 3086) to ensure clear identification of the vulnerability. This enables a smooth exchange of information between the various databases of individual manufacturers.
Softing Industrial Support
USA, Canada, Mexico
(865) 251-5244
(Knoxville, TN)
E-mail Request
Callback