Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Softing Subscribe
Total 28 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-11526 1 Softing 2 Uagate Si, Uagate Si Firmware 2021-07-21 10.0 HIGH 9.8 CRITICAL
An issue was discovered in Softing uaGate SI 1.60.01. A maintenance script, that is executable via sudo, is vulnerable to file path injection. This enables the Attacker to write files with superuser privileges in specific locations.
CVE-2019-11528 1 Softing 2 Uagate Si, Uagate Si Firmware 2021-07-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Softing uaGate SI 1.60.01. A system default path for executables is user writable.
CVE-2021-29661 1 Softing 1 Opc Toolbox 2021-04-07 3.5 LOW 5.4 MEDIUM
Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diag_values.html Stored XSS via the ITEMLISTVALUES##ITEMID parameter, resulting in JavaScript payload injection into the trace file. This payload will then be triggered every time an authenticated user browses the page containing it.
CVE-2021-29660 1 Softing 1 Opc Toolbox 2021-04-07 6.8 MEDIUM 8.8 HIGH
A Cross-Site Request Forgery (CSRF) vulnerability in en/cfg_setpwd.html in Softing AG OPC Toolbox through 4.10.1.13035 allows attackers to reset the administrative password by inducing the Administrator user to browse a URL controlled by an attacker.
CVE-2020-14522 1 Softing 1 Opc 2020-08-28 5.0 MEDIUM 7.5 HIGH
Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to uncontrolled resource consumption, which may allow an attacker to cause a denial-of-service condition.
CVE-2019-15051 1 Softing 6 Uagate 840d, Uagate 840d Firmware, Uagate Mb and 3 more 2020-08-24 9.0 HIGH 8.8 HIGH
An issue was discovered in Softing uaGate (SI, MB, 840D) firmware through 1.71.00.1225. A CGI script is vulnerable to command injection via a maliciously crafted form parameter.
CVE-2019-11527 1 Softing 2 Uagate Si, Uagate Si Firmware 2019-10-15 9.0 HIGH 8.8 HIGH
An issue was discovered in Softing uaGate SI 1.60.01. A CGI script is vulnerable to command injection with a maliciously crafted url parameter.
CVE-2014-6616 1 Softing 2 Fg-100 Profibus, Fg-x00 Profibus Firmware 2018-10-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Softing FG-100 PROFIBUS Single Channel (FG-100-PB) with firmware FG-x00-PB_V2.02.0.00 allows remote attackers to inject arbitrary web script or HTML via the DEVICE_NAME parameter to cgi-bin/CFGhttp/.