Refine your search
2 vulnerabilities found for smartLink SW-PN by Softing
CVE-2025-10461 (GCVE-0-2025-10461)
Vulnerability from cvelistv5
Published
2026-03-16 13:27
Modified
2026-03-27 08:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Global file reads caused by improper URL checks in webserver in Softing Industrial Automation GmbH smartLinks on docker (filesystem modules) allows file access.
This issue affects
smartLink SW-HT: through 1.42
smartLink SW-PN: through 1.03.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Softing | smartLink SW-HT |
Version: 0 < Patch: 1.43 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10461",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-16T14:27:44.548413Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-16T14:27:51.874Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"filesystem"
],
"product": "smartLink SW-HT",
"vendor": "Softing",
"versions": [
{
"lessThanOrEqual": "1.42",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.43",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"filesystem"
],
"product": "smartLink SW-PN",
"vendor": "Softing",
"versions": [
{
"lessThanOrEqual": "1.03",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.04"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:smartlink_sw-ht:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.42",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:smartlink_sw-ht:1.43:*:*:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:smartlink_sw-pn:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.03",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:smartlink_sw-pn:1.04:*:*:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "tool",
"value": "OpenVAS"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Global file reads caused by improper URL checks in webserver in Softing Industrial Automation GmbH smartLinks on docker (filesystem modules) allows file access.\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003eThis issue affects\u003c/p\u003e\u003cp\u003esmartLink SW-HT: through 1.42\u003c/p\u003e\u003cp\u003esmartLink SW-PN: through 1.03.\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Global file reads caused by improper URL checks in webserver in Softing Industrial Automation GmbH smartLinks on docker (filesystem modules) allows file access.\n\n\n\nThis issue affects\n\nsmartLink SW-HT: through 1.42\n\nsmartLink SW-PN: through 1.03."
}
],
"impacts": [
{
"capecId": "CAPEC-497",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-497 File Discovery"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/AU:Y/R:A/RE:L/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T08:13:41.200Z",
"orgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
"shortName": "Softing"
},
"references": [
{
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10461.html"
},
{
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10461.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThis issue is fixed in\u003c/p\u003e\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003esmartLink SW-HT: 1.43\u003c/p\u003esmartLink SW-PN: 1.04\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "This issue is fixed in\n\n\n\n\n\nsmartLink SW-HT: 1.43\n\nsmartLink SW-PN: 1.04"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Global file reads caused by improper URL checks in webserver",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
"assignerShortName": "Softing",
"cveId": "CVE-2025-10461",
"datePublished": "2026-03-16T13:27:21.381Z",
"dateReserved": "2025-09-15T05:57:59.903Z",
"dateUpdated": "2026-03-27T08:13:41.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-10685 (GCVE-0-2025-10685)
Vulnerability from cvelistv5
Published
2026-03-16 13:14
Modified
2026-03-27 08:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Summary
Heap-based buffer overflow vulnerability in Softing Industrial Automation GmbH smartLink SW-PN and smartLink SW-HT (Webserver modules) allows overflow buffers.This issue affects:
smartLink SW-PN: through 1.03
smartLink SW-HT: through 1.42
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Softing | smartLink SW-PN |
Version: 0 < Patch: 1.04 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10685",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-16T14:41:54.340261Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-16T14:41:59.763Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Webserver"
],
"product": "smartLink SW-PN",
"vendor": "Softing",
"versions": [
{
"lessThanOrEqual": "1.03",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.04",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Webserver"
],
"product": "smartLink SW-HT",
"vendor": "Softing",
"versions": [
{
"lessThanOrEqual": "1.42",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.43",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:smartlink_sw-pn:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.03",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:smartlink_sw-pn:1.04:*:*:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:smartlink_sw-ht:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.42",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:smartlink_sw-ht:1.43:*:*:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Frank Renner"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Heap-based buffer overflow vulnerability in Softing Industrial Automation GmbH smartLink SW-PN and smartLink SW-HT (Webserver modules) allows overflow buffers.\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003esmartLink SW-PN: through 1.03\u003c/p\u003e\u003cp\u003esmartLink SW-HT: through 1.42\u003c/p\u003e"
}
],
"value": "Heap-based buffer overflow vulnerability in Softing Industrial Automation GmbH smartLink SW-PN and smartLink SW-HT (Webserver modules) allows overflow buffers.This issue affects:\n\nsmartLink SW-PN: through 1.03\n\nsmartLink SW-HT: through 1.42"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "NONE",
"providerUrgency": "RED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/AU:Y/R:A/RE:L/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T08:12:30.109Z",
"orgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
"shortName": "Softing"
},
"references": [
{
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10685.html"
},
{
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10685.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate firmware for\u003c/p\u003e\u003cp\u003esmartLink SW-PN: to 1.04\u003c/p\u003e\u003cp\u003esmartLink SW-HT: to 1.43\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Update firmware for\n\nsmartLink SW-PN: to 1.04\n\nsmartLink SW-HT: to 1.43"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "HTTP POST with specific higher content length leads into heap corruption",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
"assignerShortName": "Softing",
"cveId": "CVE-2025-10685",
"datePublished": "2026-03-16T13:14:49.030Z",
"dateReserved": "2025-09-18T12:45:55.230Z",
"dateUpdated": "2026-03-27T08:12:30.109Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}