Filtered by vendor Softing
Subscribe
Total
28 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-11526 | 1 Softing | 2 Uagate Si, Uagate Si Firmware | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered in Softing uaGate SI 1.60.01. A maintenance script, that is executable via sudo, is vulnerable to file path injection. This enables the Attacker to write files with superuser privileges in specific locations. | |||||
CVE-2019-11528 | 1 Softing | 2 Uagate Si, Uagate Si Firmware | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Softing uaGate SI 1.60.01. A system default path for executables is user writable. | |||||
CVE-2021-29661 | 1 Softing | 1 Opc Toolbox | 2021-04-07 | 3.5 LOW | 5.4 MEDIUM |
Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diag_values.html Stored XSS via the ITEMLISTVALUES##ITEMID parameter, resulting in JavaScript payload injection into the trace file. This payload will then be triggered every time an authenticated user browses the page containing it. | |||||
CVE-2021-29660 | 1 Softing | 1 Opc Toolbox | 2021-04-07 | 6.8 MEDIUM | 8.8 HIGH |
A Cross-Site Request Forgery (CSRF) vulnerability in en/cfg_setpwd.html in Softing AG OPC Toolbox through 4.10.1.13035 allows attackers to reset the administrative password by inducing the Administrator user to browse a URL controlled by an attacker. | |||||
CVE-2020-14522 | 1 Softing | 1 Opc | 2020-08-28 | 5.0 MEDIUM | 7.5 HIGH |
Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to uncontrolled resource consumption, which may allow an attacker to cause a denial-of-service condition. | |||||
CVE-2019-15051 | 1 Softing | 6 Uagate 840d, Uagate 840d Firmware, Uagate Mb and 3 more | 2020-08-24 | 9.0 HIGH | 8.8 HIGH |
An issue was discovered in Softing uaGate (SI, MB, 840D) firmware through 1.71.00.1225. A CGI script is vulnerable to command injection via a maliciously crafted form parameter. | |||||
CVE-2019-11527 | 1 Softing | 2 Uagate Si, Uagate Si Firmware | 2019-10-15 | 9.0 HIGH | 8.8 HIGH |
An issue was discovered in Softing uaGate SI 1.60.01. A CGI script is vulnerable to command injection with a maliciously crafted url parameter. | |||||
CVE-2014-6616 | 1 Softing | 2 Fg-100 Profibus, Fg-x00 Profibus Firmware | 2018-10-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Softing FG-100 PROFIBUS Single Channel (FG-100-PB) with firmware FG-x00-PB_V2.02.0.00 allows remote attackers to inject arbitrary web script or HTML via the DEVICE_NAME parameter to cgi-bin/CFGhttp/. |