Search

Find a vulnerability

Search criteria

    6 vulnerabilities by Softing Industrial Automation GmbH

    CVE-2025-10151 (GCVE-0-2025-10151)

    Vulnerability from nvd – Published: 2025-10-28 07:25 – Updated: 2025-10-28 13:27
    VLAI
    Title
    Malicious TCP/IP thread locking leads into diverse malfunctions
    Summary
    Improper locking vulnerability in Softing Industrial Automation GmbH gateways allows infected memory and/or resource leak exposure.This issue affects smartLink HW-PN: from 1.02 through 1.03 smartLink HW-DP: 1.31
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-10151",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-28T13:23:50.979355Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-28T13:27:14.343Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "smartLink HW-PN",
              "vendor": "Softing Industrial Automation GmbH",
              "versions": [
                {
                  "lessThanOrEqual": "1.03",
                  "status": "affected",
                  "version": "1.02",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "smartLink HW-DP",
              "vendor": "Softing Industrial Automation GmbH",
              "versions": [
                {
                  "lessThanOrEqual": "1.31",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper locking vulnerability in Softing Industrial Automation GmbH gateways allows infected memory and/or resource leak exposure.\u003cp\u003eThis issue affects\u003c/p\u003e\u003cp\u003esmartLink HW-PN: from 1.02 through 1.03\u003c/p\u003e\u003cp\u003esmartLink HW-DP: 1.31\u003c/p\u003e"
                }
              ],
              "value": "Improper locking vulnerability in Softing Industrial Automation GmbH gateways allows infected memory and/or resource leak exposure.This issue affects\n\nsmartLink HW-PN: from 1.02 through 1.03\n\nsmartLink HW-DP: 1.31"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-456",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-456 Infected Memory"
                }
              ]
            },
            {
              "capecId": "CAPEC-131",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-131 Resource Leak Exposure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L/AU:Y/R:U/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-667",
                  "description": "CWE-667 Improper Locking",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-28T07:25:39.639Z",
            "orgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
            "shortName": "Softing"
          },
          "references": [
            {
              "tags": [
                "x_html"
              ],
              "url": "https://https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10151.html"
            },
            {
              "tags": [
                "x_json"
              ],
              "url": "https://https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10151.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThis issue is fixed in\u003c/p\u003e\u003cp\u003esmartLink HW-PN: 1.04\u003c/p\u003e\u003cp\u003esmartLink HW-DP: 1.32\u003c/p\u003e"
                }
              ],
              "value": "This issue is fixed in\n\nsmartLink HW-PN: 1.04\n\nsmartLink HW-DP: 1.32"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Malicious TCP/IP thread locking leads into diverse malfunctions",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
        "assignerShortName": "Softing",
        "cveId": "CVE-2025-10151",
        "datePublished": "2025-10-28T07:25:39.639Z",
        "dateReserved": "2025-09-09T07:27:10.152Z",
        "dateUpdated": "2025-10-28T13:27:14.343Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-10150 (GCVE-0-2025-10150)

    Vulnerability from nvd – Published: 2025-10-28 07:24 – Updated: 2025-10-28 13:28
    VLAI
    Title
    Webserver crash caused by scanning on TCP port 80
    Summary
    Webserver crash caused by scanning on TCP port 80 in Softing Industrial Automation GmbH gateways and switch.This issue affects smartLink HW-PN: from 1.02 through 1.03 smartLink HW-DP: 1.31
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-10150",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-28T13:27:44.147539Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-28T13:28:01.850Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "smartLink HW-PN",
              "vendor": "Softing Industrial Automation GmbH",
              "versions": [
                {
                  "lessThanOrEqual": "1.03",
                  "status": "affected",
                  "version": "1.02",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "smartLink HW-DP",
              "vendor": "Softing Industrial Automation GmbH",
              "versions": [
                {
                  "lessThanOrEqual": "1.31",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:softing_industrial_automation_gmbh:smartlink_hw-pn:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "1.03",
                      "versionStartIncluding": "1.02",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:softing_industrial_automation_gmbh:smartlink_hw-dp:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "1.31",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Webserver crash caused by scanning on TCP port 80 in Softing Industrial Automation GmbH gateways and switch.\u003cp\u003eThis issue affects\u003c/p\u003e\u003cp\u003esmartLink HW-PN: from 1.02 through 1.03\u003c/p\u003e\u003cp\u003esmartLink HW-DP: 1.31\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "Webserver crash caused by scanning on TCP port 80 in Softing Industrial Automation GmbH gateways and switch.This issue affects\n\nsmartLink HW-PN: from 1.02 through 1.03\n\nsmartLink HW-DP: 1.31"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-25",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-25 Forced Deadlock"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:U/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-833",
                  "description": "CWE-833: Deadlock",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-28T07:24:38.296Z",
            "orgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
            "shortName": "Softing"
          },
          "references": [
            {
              "tags": [
                "x_html"
              ],
              "url": "https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10150.html"
            },
            {
              "tags": [
                "x_json"
              ],
              "url": "https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10150.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThis issue is fixed in\u003c/p\u003e\u003cp\u003esmartLink HW-PN: 1.04\u003c/p\u003e\u003cp\u003esmartLink HW-DP: 1.32\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "This issue is fixed in\n\nsmartLink HW-PN: 1.04\n\nsmartLink HW-DP: 1.32"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Webserver crash caused by scanning on TCP port 80",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
        "assignerShortName": "Softing",
        "cveId": "CVE-2025-10150",
        "datePublished": "2025-10-28T07:24:38.296Z",
        "dateReserved": "2025-09-09T07:27:03.262Z",
        "dateUpdated": "2025-10-28T13:28:01.850Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-7390 (GCVE-0-2025-7390)

    Vulnerability from nvd – Published: 2025-08-21 06:08 – Updated: 2026-03-27 08:36
    VLAI
    Title
    Bypass the client certificate trust check of an opc.https server while only secure communication is allowed
    Summary
    A malicious client can bypass the client certificate trust check of an opc.https server when the server endpoint is configured to allow only secure communication.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    Impacted products
    Vendor Product Version
    Softing OPC UA C++ SDK Affected: 6.40 , ≤ 6.80 (custom)
    Unaffected: 6.80.1 (custom)
    Create a notification for this product.
    Softing edgeConnector Affected: 0 , ≤ 2025.03 (custom)
    Unaffected: SDEX Suite V1.0 (custom)
    Create a notification for this product.
    Softing edgeAggregator Affected: 0 , ≤ 2025.03 (custom)
    Unaffected: SDEX Suite V1.0 (custom)
    Create a notification for this product.
    Date Public
    2025-08-14 06:37
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-7390",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-21T13:51:51.306799Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-21T13:53:15.381Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://industrial.softing.com/products/opc-ua-and-opc-classic-sdks/opc-ua-c-sdks-for-windows.html",
              "defaultStatus": "unaffected",
              "modules": [
                "opc.https server"
              ],
              "platforms": [
                "Windows",
                "Linux",
                "VxWorks"
              ],
              "product": "OPC UA C++ SDK",
              "vendor": "Softing",
              "versions": [
                {
                  "lessThanOrEqual": "6.80",
                  "status": "affected",
                  "version": "6.40",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "6.80.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "collectionURL": "https://industrial.softing.com/de/produkte/docker-container/edgeconnector.html",
              "defaultStatus": "affected",
              "platforms": [
                "Linux"
              ],
              "product": "edgeConnector",
              "vendor": "Softing",
              "versions": [
                {
                  "lessThanOrEqual": "2025.03",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "SDEX Suite V1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "collectionURL": "https://industrial.softing.com/de/produkte/docker-container/edgeaggregator.html",
              "defaultStatus": "affected",
              "platforms": [
                "Linux"
              ],
              "product": "edgeAggregator",
              "vendor": "Softing",
              "versions": [
                {
                  "lessThanOrEqual": "2025.03",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "SDEX Suite V1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:softing:opc_ua_c_sdk:*:*:windows:*:*:*:*:*",
                      "versionEndIncluding": "6.80",
                      "versionStartIncluding": "6.40",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:softing:opc_ua_c_sdk:*:*:linux:*:*:*:*:*",
                      "versionEndIncluding": "6.80",
                      "versionStartIncluding": "6.40",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:softing:opc_ua_c_sdk:*:*:vxworks:*:*:*:*:*",
                      "versionEndIncluding": "6.80",
                      "versionStartIncluding": "6.40",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:softing:opc_ua_c_sdk:6.80.1:*:windows:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:softing:opc_ua_c_sdk:6.80.1:*:linux:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:softing:opc_ua_c_sdk:6.80.1:*:vxworks:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:softing:edgeconnector:*:*:linux:*:*:*:*:*",
                      "versionEndIncluding": "2025.03",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:softing:edgeconnector:sdex_suite_v1.0:*:linux:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:softing:edgeaggregator:*:*:linux:*:*:*:*:*",
                      "versionEndIncluding": "2025.03",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:softing:edgeaggregator:sdex_suite_v1.0:*:linux:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "datePublic": "2025-08-14T06:37:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A malicious client can bypass the client certificate trust check of an opc.https server when the server endpoint is configured to allow only secure communication."
                }
              ],
              "value": "A malicious client can bypass the client certificate trust check of an opc.https server when the server endpoint is configured to allow only secure communication."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295 Improper Certificate Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-27T08:36:30.497Z",
            "orgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
            "shortName": "Softing"
          },
          "references": [
            {
              "url": "https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-7390.html"
            },
            {
              "url": "https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-7390.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "OPC UA C++ SDK V6.80.1 Service-Patch\u003cbr\u003e"
                }
              ],
              "value": "OPC UA C++ SDK V6.80.1 Service-Patch"
            },
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "edgeAggregator \u0026amp; edgeConnector are now integrated in SDEX Suite: fix with V1.0"
                }
              ],
              "value": "edgeAggregator \u0026 edgeConnector are now integrated in SDEX Suite: fix with V1.0"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Bypass the client certificate trust check of an opc.https server while only secure communication is allowed",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
        "assignerShortName": "Softing",
        "cveId": "CVE-2025-7390",
        "datePublished": "2025-08-21T06:08:00.210Z",
        "dateReserved": "2025-07-09T13:09:38.988Z",
        "dateUpdated": "2026-03-27T08:36:30.497Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-10151 (GCVE-0-2025-10151)

    Vulnerability from cvelistv5 – Published: 2025-10-28 07:25 – Updated: 2025-10-28 13:27
    VLAI
    Title
    Malicious TCP/IP thread locking leads into diverse malfunctions
    Summary
    Improper locking vulnerability in Softing Industrial Automation GmbH gateways allows infected memory and/or resource leak exposure.This issue affects smartLink HW-PN: from 1.02 through 1.03 smartLink HW-DP: 1.31
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-10151",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-28T13:23:50.979355Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-28T13:27:14.343Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "smartLink HW-PN",
              "vendor": "Softing Industrial Automation GmbH",
              "versions": [
                {
                  "lessThanOrEqual": "1.03",
                  "status": "affected",
                  "version": "1.02",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "smartLink HW-DP",
              "vendor": "Softing Industrial Automation GmbH",
              "versions": [
                {
                  "lessThanOrEqual": "1.31",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper locking vulnerability in Softing Industrial Automation GmbH gateways allows infected memory and/or resource leak exposure.\u003cp\u003eThis issue affects\u003c/p\u003e\u003cp\u003esmartLink HW-PN: from 1.02 through 1.03\u003c/p\u003e\u003cp\u003esmartLink HW-DP: 1.31\u003c/p\u003e"
                }
              ],
              "value": "Improper locking vulnerability in Softing Industrial Automation GmbH gateways allows infected memory and/or resource leak exposure.This issue affects\n\nsmartLink HW-PN: from 1.02 through 1.03\n\nsmartLink HW-DP: 1.31"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-456",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-456 Infected Memory"
                }
              ]
            },
            {
              "capecId": "CAPEC-131",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-131 Resource Leak Exposure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L/AU:Y/R:U/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-667",
                  "description": "CWE-667 Improper Locking",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-28T07:25:39.639Z",
            "orgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
            "shortName": "Softing"
          },
          "references": [
            {
              "tags": [
                "x_html"
              ],
              "url": "https://https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10151.html"
            },
            {
              "tags": [
                "x_json"
              ],
              "url": "https://https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10151.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThis issue is fixed in\u003c/p\u003e\u003cp\u003esmartLink HW-PN: 1.04\u003c/p\u003e\u003cp\u003esmartLink HW-DP: 1.32\u003c/p\u003e"
                }
              ],
              "value": "This issue is fixed in\n\nsmartLink HW-PN: 1.04\n\nsmartLink HW-DP: 1.32"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Malicious TCP/IP thread locking leads into diverse malfunctions",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
        "assignerShortName": "Softing",
        "cveId": "CVE-2025-10151",
        "datePublished": "2025-10-28T07:25:39.639Z",
        "dateReserved": "2025-09-09T07:27:10.152Z",
        "dateUpdated": "2025-10-28T13:27:14.343Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-10150 (GCVE-0-2025-10150)

    Vulnerability from cvelistv5 – Published: 2025-10-28 07:24 – Updated: 2025-10-28 13:28
    VLAI
    Title
    Webserver crash caused by scanning on TCP port 80
    Summary
    Webserver crash caused by scanning on TCP port 80 in Softing Industrial Automation GmbH gateways and switch.This issue affects smartLink HW-PN: from 1.02 through 1.03 smartLink HW-DP: 1.31
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-10150",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-28T13:27:44.147539Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-28T13:28:01.850Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "smartLink HW-PN",
              "vendor": "Softing Industrial Automation GmbH",
              "versions": [
                {
                  "lessThanOrEqual": "1.03",
                  "status": "affected",
                  "version": "1.02",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "smartLink HW-DP",
              "vendor": "Softing Industrial Automation GmbH",
              "versions": [
                {
                  "lessThanOrEqual": "1.31",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:softing_industrial_automation_gmbh:smartlink_hw-pn:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "1.03",
                      "versionStartIncluding": "1.02",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:softing_industrial_automation_gmbh:smartlink_hw-dp:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "1.31",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Webserver crash caused by scanning on TCP port 80 in Softing Industrial Automation GmbH gateways and switch.\u003cp\u003eThis issue affects\u003c/p\u003e\u003cp\u003esmartLink HW-PN: from 1.02 through 1.03\u003c/p\u003e\u003cp\u003esmartLink HW-DP: 1.31\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "Webserver crash caused by scanning on TCP port 80 in Softing Industrial Automation GmbH gateways and switch.This issue affects\n\nsmartLink HW-PN: from 1.02 through 1.03\n\nsmartLink HW-DP: 1.31"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-25",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-25 Forced Deadlock"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:U/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-833",
                  "description": "CWE-833: Deadlock",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-28T07:24:38.296Z",
            "orgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
            "shortName": "Softing"
          },
          "references": [
            {
              "tags": [
                "x_html"
              ],
              "url": "https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10150.html"
            },
            {
              "tags": [
                "x_json"
              ],
              "url": "https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10150.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThis issue is fixed in\u003c/p\u003e\u003cp\u003esmartLink HW-PN: 1.04\u003c/p\u003e\u003cp\u003esmartLink HW-DP: 1.32\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "This issue is fixed in\n\nsmartLink HW-PN: 1.04\n\nsmartLink HW-DP: 1.32"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Webserver crash caused by scanning on TCP port 80",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
        "assignerShortName": "Softing",
        "cveId": "CVE-2025-10150",
        "datePublished": "2025-10-28T07:24:38.296Z",
        "dateReserved": "2025-09-09T07:27:03.262Z",
        "dateUpdated": "2025-10-28T13:28:01.850Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-7390 (GCVE-0-2025-7390)

    Vulnerability from cvelistv5 – Published: 2025-08-21 06:08 – Updated: 2026-03-27 08:36
    VLAI
    Title
    Bypass the client certificate trust check of an opc.https server while only secure communication is allowed
    Summary
    A malicious client can bypass the client certificate trust check of an opc.https server when the server endpoint is configured to allow only secure communication.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    Impacted products
    Vendor Product Version
    Softing OPC UA C++ SDK Affected: 6.40 , ≤ 6.80 (custom)
    Unaffected: 6.80.1 (custom)
    Create a notification for this product.
    Softing edgeConnector Affected: 0 , ≤ 2025.03 (custom)
    Unaffected: SDEX Suite V1.0 (custom)
    Create a notification for this product.
    Softing edgeAggregator Affected: 0 , ≤ 2025.03 (custom)
    Unaffected: SDEX Suite V1.0 (custom)
    Create a notification for this product.
    Date Public
    2025-08-14 06:37
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-7390",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-21T13:51:51.306799Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-21T13:53:15.381Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://industrial.softing.com/products/opc-ua-and-opc-classic-sdks/opc-ua-c-sdks-for-windows.html",
              "defaultStatus": "unaffected",
              "modules": [
                "opc.https server"
              ],
              "platforms": [
                "Windows",
                "Linux",
                "VxWorks"
              ],
              "product": "OPC UA C++ SDK",
              "vendor": "Softing",
              "versions": [
                {
                  "lessThanOrEqual": "6.80",
                  "status": "affected",
                  "version": "6.40",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "6.80.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "collectionURL": "https://industrial.softing.com/de/produkte/docker-container/edgeconnector.html",
              "defaultStatus": "affected",
              "platforms": [
                "Linux"
              ],
              "product": "edgeConnector",
              "vendor": "Softing",
              "versions": [
                {
                  "lessThanOrEqual": "2025.03",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "SDEX Suite V1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "collectionURL": "https://industrial.softing.com/de/produkte/docker-container/edgeaggregator.html",
              "defaultStatus": "affected",
              "platforms": [
                "Linux"
              ],
              "product": "edgeAggregator",
              "vendor": "Softing",
              "versions": [
                {
                  "lessThanOrEqual": "2025.03",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "SDEX Suite V1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:softing:opc_ua_c_sdk:*:*:windows:*:*:*:*:*",
                      "versionEndIncluding": "6.80",
                      "versionStartIncluding": "6.40",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:softing:opc_ua_c_sdk:*:*:linux:*:*:*:*:*",
                      "versionEndIncluding": "6.80",
                      "versionStartIncluding": "6.40",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:softing:opc_ua_c_sdk:*:*:vxworks:*:*:*:*:*",
                      "versionEndIncluding": "6.80",
                      "versionStartIncluding": "6.40",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:softing:opc_ua_c_sdk:6.80.1:*:windows:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:softing:opc_ua_c_sdk:6.80.1:*:linux:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:softing:opc_ua_c_sdk:6.80.1:*:vxworks:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:softing:edgeconnector:*:*:linux:*:*:*:*:*",
                      "versionEndIncluding": "2025.03",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:softing:edgeconnector:sdex_suite_v1.0:*:linux:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:softing:edgeaggregator:*:*:linux:*:*:*:*:*",
                      "versionEndIncluding": "2025.03",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:softing:edgeaggregator:sdex_suite_v1.0:*:linux:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "datePublic": "2025-08-14T06:37:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A malicious client can bypass the client certificate trust check of an opc.https server when the server endpoint is configured to allow only secure communication."
                }
              ],
              "value": "A malicious client can bypass the client certificate trust check of an opc.https server when the server endpoint is configured to allow only secure communication."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295 Improper Certificate Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-27T08:36:30.497Z",
            "orgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
            "shortName": "Softing"
          },
          "references": [
            {
              "url": "https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-7390.html"
            },
            {
              "url": "https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-7390.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "OPC UA C++ SDK V6.80.1 Service-Patch\u003cbr\u003e"
                }
              ],
              "value": "OPC UA C++ SDK V6.80.1 Service-Patch"
            },
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "edgeAggregator \u0026amp; edgeConnector are now integrated in SDEX Suite: fix with V1.0"
                }
              ],
              "value": "edgeAggregator \u0026 edgeConnector are now integrated in SDEX Suite: fix with V1.0"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Bypass the client certificate trust check of an opc.https server while only secure communication is allowed",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
        "assignerShortName": "Softing",
        "cveId": "CVE-2025-7390",
        "datePublished": "2025-08-21T06:08:00.210Z",
        "dateReserved": "2025-07-09T13:09:38.988Z",
        "dateUpdated": "2026-03-27T08:36:30.497Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }