PT-2026-25710 · Softing · Smartlink Sw-Ht+1
Openvas
·
Publicado
2026-03-16
·
Atualizado
2026-03-16
·
CVE-2025-10461
CVSS v4.0
5.3
Média
| Vetor | AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:L/U:Green |
Name of the Vulnerable Software and Affected Versions
Softing Industrial Automation GmbH smartLinks versions through 1.42
Softing Industrial Automation GmbH smartLinks SW-PN versions through 1.03
Description
An issue exists in the webserver component of Softing Industrial Automation GmbH smartLinks, specifically within the filesystem modules on docker. Improper URL checks can lead to global file reads, potentially allowing unauthorized file access.
Recommendations
Update smartLinks to a version later than 1.42.
Update smartLinks SW-PN to a version later than 1.03.
Correção
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Smartlink Sw-Ht
Smartlink Hw-Pn