Softing Industrial Automation OPC UA C++ SDK, edgeConnector, and edgeAggregator Client Certificate Trust Check Bypass Vulnerability

Vulnerability

A malicious client can bypass client certificate trust verification on an opc.https server. The issue arises when the server endpoint is configured to permit only secure communication. It affects Softing Industrial Automation OPC UA C++ SDK versions 6.40 through 6.80 (versions from 6.80.1 onward are unaffected), as well as the edgeConnector and edgeAggregator products through version 2025.03.

Impact

Exploiting this vulnerability can lead to authentication bypass, allowing clients to connect to the server without proper certificate validation.

Remediation

Users of the Softing Industrial Automation OPC UA C++ SDK should upgrade to version 6.80.1. Instructions for this update can be found on the Softing Industrial Automation OPC UA C++ SDK product page. Users of edgeConnector and edgeAggregator should consult the respective product pages for update instructions.

Added: Aug 21, 2025, 6:18 AM
Updated: Aug 21, 2025, 6:18 AM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 5.0
exploitability: 7.4
remediation: 7.7
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.