A security vulnerability poses a threat to the security of a computer system. There is a risk that the vulnerability could be exploited, and the affected computer system compromised. Vulnerabilities arise from, among other things, insufficient protection of a computer against attacks from the network (for example, the lack of a firewall or other security software) and programming errors in the operating system, web browsers, or other software applications running on the system.
If you believe you have discovered a vulnerability in a Softing product or have a security incident to report, please get in touch with us at security.sia[at]softing[dot]com.
Description | Category | CVE | Date | Product | Fixed in Version |
Endless loop in OpenSSL | High | CVE-2022-0778 | 15.03.2022 | OPC UA C++ SDK | OPC UA C++ SDK – fixed: 5.70.1 |
Invalid XML element in the type dictionary | High | CVE-2021-42262 | 09.03.2022 | OPC UA C++ SDK | OPC UA C++ SDK - fixed: 5.70; dataFEED OPC Suite - fixed: planned for 5.20; Secure Integration Server - fixed: planned for 1.30 |
A malformed OPC/UA message abort packet makes the client crash with a null pointer dereference. | High | CVE-2021-42577 | 09.03.2022 | OPC UA C++ SDK | OPC UA C++ SDK - fixed: 5.70; dataFEED OPC Suite - fixed: planned for 5.20; Secure Integration Server - fixed: planned for 1.30 |
Possible memory corruption in BT controller | Medium | CVE-2021-35093 | 06.12.2021 | mobiLink | N. A. |
CWE 20: Improper Input Validation | High | CVE-2021-40872 | 08.11.2021 | uaToolkit Embedded; smartLink HW DP | 1.40; planned for 1.19 |
CWE 415: Double Free | High | CVE-2021-40873 | 08.11.2021 | uaToolkit Embedded; OPC UA C++ SDK; TH SCOPE; dataFEED OPC Suite; Secure Integration Server; edgeConnector; uaGates | 1.40; 5.66; N. A.; 5.18; planned for 1.30; planned for 3.10; 1.73 |
CWE 20: Improper Input Validation | Medium | CVE-2021-40871 | 08.11.2021 | OPC UA C++ SDK; TH SCOPE; dataFEED OPC Suite; Secure Integration Server | 5.66; N. A.; 5.18; planned for 1.30 |
Improper Restriction of Operations within the Bounds of a Memory Buffer | High | CVE-2021-32994 | 17.06.2021 | OPC UA C++ SDK | 5.65 |
Endless recursion in XML Structures | High | CVE-2021-27432 | 17.02.2021 | OPC UA .NET Standard SDK; OPC UA .NET SDK | 2.80; 1.48 |
Privilege Elevation vulnerability | Medium | CVE-2020-29457 | 15.02.2021 | OPC UA .NET Standard SDK | 2.80 |
HEAP-BASED BUFFER OVERFLOW | High | CVE-2020-14524 | 28.07.2020 | OPC Classic SDK | 4.47.1 |
UNCONTROLLED RESOURCE CONSUMPTION | High | CVE-2020-14522 | 28.07.2020 | OPC Classic SDK | 4.47.1 |
Servers do not create sufficiently random numbers | High | CVE-2019-19135 | 10.03.2020 | .NET Standard SDK | 2.40 |
Servers do not create sufficiently random numbers | High | CVE-2019-19135 | 10.03.2020 | dataFEED C++ SDK | 5.62 |
Authenticated remote code execution possible | High | CVE-2019-15051 | 10.10.2019 | uaGate SI; uaGate MB; uaGate840D; edgeGate | 1.72.00.1996 |
Sudo privilege escalation | High | CVE-2019-11526 | 10.10.2019 | uaGate SI; uaGate MB; uaGate840D; edgeGate | 1.71.00.1225 |
Another authenticated remote code execution | High | CVE-2019-11527 | 10.10.2019 | uaGate SI; uaGate MB; uaGate840D; edgeGate | 1.72.00.1996 |
Default unix user permissions | High | CVE-2019-11528 | 10.10.2019 | uaGate SI; uaGate MB; uaGate840D; edgeGate | 1.71.00.1225 |
No representations are made as to the completeness or accuracy of the listing above. This information is provided without any guarantee or warranty of any kind, either explicit or tacit. We reserve the right to change or update the content of this website without notice at any time. The free update enables you to prevent or limit the consequences of damage resulting from security vulnerabilities. We cannot be held liable for any consequences arising from any omission in this regard. Security vulnerabilities cannot be removed in every case for products which have already reached their end-of-life cycle.
CVE stands for Common Vulnerabilities and Exposures and is an industry standard that aims to introduce a common naming convention for vulnerabilities and other security issues in computer systems. Because different companies and institutions often give the same threat different names, each name is supplemented by a serial number (e.g. CVE-2006-3086) to ensure clear identification of the vulnerability. This enables a smooth exchange of information between the various databases of individual manufacturers.