CVE-2020-14522
Published 2020-08-25
Priority P336, high, 7.5 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.49% (70.8th percentile)
Softing Industrial Automation OPC, all versions prior to the latest build of version 4.47.0: the affected product is vulnerable to uncontrolled resource consumption, which may allow an attacker to cause a denial-of-service condition.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| softing | opc | < 4.47.0 | 4.47.0 |
| softing_industrial_automation_all_versions_prior_to_the_latest_build_of_version | opc | >= All versions < 4.47.0 | 4.47.0 |
CVSS provenance
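| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |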
CISA ICS
Softing Industrial Automation OPC
cisa_ics·2020-07-28·CVSS 7.5
[HIGH] Softing Industrial Automation OPC
ICS Advisory
## Softing Industrial Automation OPC
Last Revised: July 28, 2020
Alert Code: ICSA-20-210-02
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Softing Industrial Automation, GmbH
- Equipment: OPC
- Vulnerabilities: Heap-based Buffer Overflow, Uncontrolled Resource Consumption
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could crash the device being accessed. A buffer-overflow condition may also allow remote code execution.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions
GHSA
GHSA-2c27-5cx3-qcjh: Softing Industrial Automation all versions prior to the latest build of version 4
ghsa_unreviewed·2022-05-24
CVE-2020-14522 [MEDIUM] GHSA-2c27-5cx3-qcjh: Softing Industrial Automation all versions prior to the latest build of version 4
Softing Industrial Automation OPC, all versions prior to the latest build of version 4.47.0: the affected product is vulnerable to uncontrolled resource consumption, which may allow an attacker to cause a denial-of-service condition.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.