Softing edgeConnector Siemens OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing edgeConnector Siemens. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of OPC client certificates. The issue results from dereferencing a NULL pointer. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20508.
References
| Link | Resource |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-1065/ | Third Party Advisory |
| https://www.zerodayinitiative.com/advisories/ZDI-23-1065/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
13 Aug 2025, 00:04
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.zerodayinitiative.com/advisories/ZDI-23-1065/ - Third Party Advisory | |
| CPE | cpe:2.3:a:softing:edgeconnector:*:*:*:*:*:*:*:* cpe:2.3:a:softing:secure_integration_server:*:*:*:*:*:*:*:* cpe:2.3:a:softing:edgeaggregator:*:*:*:*:*:*:*:* |
|
| First Time |
Softing edgeaggregator
Softing edgeconnector Softing secure Integration Server Softing |
Information
Published : 2024-05-03 02:15
Updated : 2025-08-13 00:04
NVD link : CVE-2023-27336
Mitre link : CVE-2023-27336
CVE.ORG link : CVE-2023-27336
JSON object : View
Products Affected
softing
- edgeconnector
- secure_integration_server
- edgeaggregator
CWE
CWE-476
NULL Pointer Dereference