Vulnerability Description
An issue was discovered in Softing OPC UA C++ SDK before 6.10. A buffer overflow or an excess allocation happens due to unchecked array and matrix bounds in structure data types.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Softing | Edgeaggregator | <= 3.50 |
| Softing | Edgeconnector | <= 3.50 |
| Softing | Opc | <= 5.22 |
| Softing | Opc Ua C\+\+ Software Development Kit | <= 6.00 |
| Softing | Secure Integration Server | <= 1.22 |
| Softing | Uagates | <= 1.74 |
Related Weaknesses (CWE)
References
- https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-9.htmlMitigationVendor Advisory
- https://softing.comVendor Advisory
- https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-9.htmlMitigationVendor Advisory
- https://softing.comVendor Advisory
FAQ
What is CVE-2022-37453?
CVE-2022-37453 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue was discovered in Softing OPC UA C++ SDK before 6.10. A buffer overflow or an excess allocation happens due to unchecked array and matrix bounds in structure data types.
How severe is CVE-2022-37453?
CVE-2022-37453 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-37453?
Check the references section above for vendor advisories and patch information. Affected products include: Softing Edgeaggregator, Softing Edgeconnector, Softing Opc, Softing Opc Ua C\+\+ Software Development Kit, Softing Secure Integration Server.