PT-2022-6555 · Softing · Softing edgeAggregator

Sharon Brizinov · Published 2022-05-10 · Updated 2022-08-23 · CVE-2022-1748

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Softing OPC UA C++ Server SDK (affected versions not specified)
Softing Secure Integration Server (affected versions not specified)
Softing edgeAggregator (affected versions not specified)
Softing edgeConnector (affected versions not specified)
Softing OPC Suite (affected versions not specified)
Softing uaGate (affected versions not specified)

Description

The issue is a NULL pointer dereference in the implementation of OPC UA methods in Softing software. A remote attacker can exploit it to cause a denial of service. The dereference can be triggered by sending specific OPC UA messages. No estimate of the number of potentially affected devices worldwide is available, and there is no information about real-world incidents in which this issue was exploited.

Recommendations

For Softing OPC UA C++ Server SDK, consider disabling the vulnerable OPC UA functionality until a patch is available.
For Softing Secure Integration Server, restrict access to the server to minimize the risk of exploitation.
For Softing edgeAggregator, avoid using the affected edgeAggregator module in critical operations until the issue is resolved.
For Softing edgeConnector, temporarily disable the edgeConnector functionality to prevent potential exploitation.
For Softing OPC Suite, restrict access to the suite's OPC UA features to minimize the risk of exploitation.
For Softing uaGate, consider disabling the uaGate functionality until a patch is available.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

NULL Pointer Dereference

Related Identifiers

BDU:2023-02368
CVE-2022-1748
ZDI-22-1153

Affected Products

Softing OPC Suite
Softing OPC UA C++ Server SDK
Softing Secure Integration Server
Softing edgeAggregator
Softing edgeConnector
Softing uaGate