Softing — Vulnerabilities & Security Advisories (27)

Browse all 27 CVE security advisories affecting Softing. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Softing AG specializes in industrial communication solutions, providing hardware and software for connecting automation systems, particularly in automotive and manufacturing sectors. Its product portfolio includes gateways, switches, and software for protocols like CANopen and PROFINET, facilitating data exchange between field devices and higher-level control systems. Historically, the company’s software components have exhibited vulnerabilities such as remote code execution, buffer overflows, and improper access control, often stemming from complex network stack implementations. Notable incidents include critical flaws allowing unauthorized command execution or denial of service within industrial networks. These weaknesses highlight risks in legacy protocols and embedded systems where security updates may be delayed. The accumulation of twenty-seven CVEs underscores the challenges in maintaining secure codebases for specialized industrial IoT infrastructure, emphasizing the need for rigorous patch management and secure configuration practices in critical operational technology environments.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-7339 | Data collection for downloading leads into buffer overflow | pnGate | CWE-121 | 6.5 | Medium | 2026-03-27 |
| CVE-2024-14028 | Multiple implicit reads in parallel can result in a crash or denial of service | smartLink HW-DP | CWE-416 | 6.5 | Medium | 2026-03-27 |
| CVE-2025-13406 | Scanning for higher HART revision device leads into NULL pointer dereference in live list | smartLink SW-HT | CWE-476 | 7.5 (AI) | High (AI) | 2026-03-17 |
| CVE-2025-10461 | Global file reads caused by improper URL checks in webserver | smartLink SW-HT | CWE-20 | 7.5 (AI) | High (AI) | 2026-03-16 |
| CVE-2025-10685 | HTTP POST with specific higher content length leads into heap corruption | smartLink SW-PN | CWE-122 | 9.8 (AI) | Critical (AI) | 2026-03-16 |
| CVE-2025-7390 | Bypass the client certificate trust check of an opc.https server while only secure communication is allowed | OPC UA C++ SDK | CWE-295 | 9.1 | Critical | 2025-08-21 |
| CVE-2023-39482 | Softing Secure Integration Server Hardcoded Cryptographic Key Information Disclosure Vulnerability | Secure Integration Server | CWE-321 | 6.5 | - | 2024-05-03 |
| CVE-2023-39481 | Softing Secure Integration Server Interpretation Conflict Remote Code Execution Vulnerability | Secure Integration Server | CWE-436 | 8.8 | - | 2024-05-03 |
| CVE-2023-39480 | Softing Secure Integration Server FileDirectory OPC UA Object Arbitrary File Creation Vulnerability | Secure Integration Server | CWE-552 | 8.1 | - | 2024-05-03 |
| CVE-2023-39479 | Softing Secure Integration Server OPC UA Gateway Directory Creation Vulnerability | Secure Integration Server | CWE-552 | 6.5 | - | 2024-05-03 |
| CVE-2023-39478 | Softing Secure Integration Server Exposure of Resource to Wrong Sphere Remote Code Execution Vulnerability | Secure Integration Server | CWE-668 | 8.8 | - | 2024-05-03 |
| CVE-2023-38125 | Softing edgeAggregator Permissive Cross-domain Policy with Untrusted Domains Remote Code Execution Vulnerability | edgeAggregator | CWE-942 | 8.8 | - | 2024-05-03 |
| CVE-2023-27335 | Softing edgeAggregator Client Cross-Site Scripting Remote Code Execution Vulnerability | edgeAggregator | CWE-79 | 8.3 | - | 2024-05-03 |
| CVE-2023-27336 | Softing edgeConnector Siemens OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability | edgeConnector Siemens | CWE-476 | 7.5 | - | 2024-05-03 |
| CVE-2023-27334 | Softing edgeConnector Siemens ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability | edgeConnector Siemens | CWE-400 | 7.5 | - | 2024-05-03 |
| CVE-2024-0860 | Cleartext Transmission of Sensitive Information in Softing edgeConnector and edgeAggregator | edgeConnector | CWE-319 | 8.0 | High | 2024-03-14 |
| CVE-2023-38126 | Softing edgeAggregator Restore Configuration Directory Traversal Remote Code Execution Vulnerability | edgeAggregator | CWE-22 | 8.8 | - | 2023-12-19 |
| CVE-2022-2337 | Softing Secure Integration Server NULL Pointer Dereference | Secure Integration Server | CWE-476 | 7.5 | High | 2022-08-17 |
| CVE-2022-1069 | Softing Secure Integration Server Out-of-bounds Read | Secure Integration Server | CWE-125 | 7.5 | High | 2022-08-17 |
| CVE-2022-2338 | Softing Secure Integration Server Cleartext Transmission of Sensitive Information | Secure Integration Server | CWE-319 | 5.7 | Medium | 2022-08-17 |
| CVE-2022-2335 | Softing Secure Integration Server Integer Underflow | Secure Integration Server | CWE-191 | 7.5 | High | 2022-08-17 |
| CVE-2022-2334 | Softing Secure Integration Server Uncontrolled Search Path Element | Secure Integration Server | CWE-427 | 7.2 | High | 2022-08-17 |
| CVE-2022-1373 | Softing Secure Integration Server Relative Path Traversal | Secure Integration Server | CWE-23 | 7.2 | High | 2022-08-17 |
| CVE-2022-1748 | Softing Secure Integration Server NULL Pointer Dereference | Secure Integration Server | CWE-476 | 7.5 | High | 2022-08-17 |
| CVE-2022-2336 | Softing Secure Integration Server Improper Authentication | Secure Integration Server | CWE-287 | 9.8 | Critical | 2022-08-17 |
| CVE-2022-2547 | Softing Secure Integration Server NULL Pointer Dereference | Secure Integration Server | CWE-476 | 7.5 | High | 2022-08-17 |
| CVE-2021-32994 | Softing OPC-UA C++ SDK Improper Restriction of Operations within the Bounds of a Memory Buffer | OPC UA C++ SDK (Software Development Kit) | CWE-119 | 7.5 | High | 2022-04-04 |

This page lists every published CVE security advisory associated with Softing. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.