CVE-2023-7339 - Vulnerability Details

- Data collection for dowloading leads into buffer overflow

Description

Stack-based buffer overflow vulnerability in Softing Industrial Automation GmbH gateways allows overflow buffers.
This issue affects
pnGate: through 1.30
epGate: through 1.30
mbGate: through 1.30
smartLink HW-DP: through 1.30
smartLink HW-PN: through 1.01.

Published: 2026-03-27

Score: 6.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

This vulnerability is a stack‑based buffer overflow that allows an attacker to send crafted data to Softing Industrial Automation gateway devices and corrupt stack memory. The overflow can lead to arbitrary code execution or cause the device to crash. The impact on a supervisory control system is the potential compromise of device integrity and availability, which could threaten the safety and reliability of the processes it controls.

Affected Systems

Affected products include Softing pnGate (vulnerable through 1.30), epGate (vulnerable through 1.30), mbGate (vulnerable through 1.30), smartLink HW‑DP (vulnerable through 1.30), and smartLink HW‑PN (vulnerable through 1.01). Official fixes exist for pnGate (1.34), smartLink HW‑DP (1.31), and smartLink HW‑PN (1.02). No fix for epGate or mbGate has been released; affected users should monitor vendor releases and contact Softing for guidance.

Risk and Exploitability

The CVSS score of 6.5 denotes moderate severity. No EPSS score is available, so the precise likelihood of exploitation cannot be quantified, but the presence of a buffer overflow and the lack of a patch for several devices raises concerns. The vulnerability is not listed in the CISA KEV catalog, suggesting no widespread exploitation has been reported. Based on the description, the likely attack vector is remote network or command‑protocol interaction, where an attacker sends maliciously constructed data packets that trigger the stack overflow.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Softing

pnGate

unaffected

Version	Status	Constraints
`0`	affected	≤ 1.30
`1.34`	unaffected	—

Softing

epGate

unaffected

Version	Status	Constraints
`0`	affected	≤ 1.30

Softing

mbGate

unaffected

Version	Status	Constraints
`0`	affected	≤ 1.30

Softing

smartLink HW-DP

unaffected

Version	Status	Constraints
`0`	affected	≤ 1.30
`1.31`	unaffected	—

Softing

smartLink HW-PN

unaffected

Version	Status	Constraints
`0`	affected	≤ 1.01
`1.02`	unaffected	—

No data.

Vendor Product Confidence Versions

Softing

Epgate

100%

Version	Status	Scheme	Platform
`[0,1.30]`	affected	generic	—

Softing

Mbgate

100%

Version	Status	Scheme	Platform
`[0,1.30]`	affected	generic	—

Softing

Pngate

100%

Version	Status	Scheme	Platform
`[0,1.30]`	affected	generic	—
`1.34`	unaffected	generic	—

Softing

Smartlink Hw-dp

95%

Version	Status	Scheme	Platform
`[0,1.30]`	affected	generic	—
`1.31`	unaffected	generic	—

Softing

Smartlink Hw-pn

95%

Version	Status	Scheme	Platform
`[0,1.01]`	affected	generic	—
`1.02`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

Vendor Solution

pnGate: fixed with 1.34

OpenCVE Recommended Actions

Upgrade pnGate to version 1.34 or later.
Upgrade smartLink HW‑DP to version 1.31 or later.
Upgrade smartLink HW‑PN to version 1.02 or later.
Monitor epGate and mbGate for an official patch; contact Softing for guidance when no update is available.
Verify all firmware versions against the fixed release numbers and apply updates promptly.
If patching cannot occur immediately, isolate the affected devices from external networks until a fix is available.

Generated by OpenCVE AI on March 27, 2026 at 13:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00044.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://industrial.softing.com/fileadmin/psirt/downloads/2023/CVE-2023-7339.html
https://industrial.softing.com/fileadmin/psirt/downloads/2023/CVE-2023-7339.json

History

Fri, 27 Mar 2026 13:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 27 Mar 2026 11:15:00 +0000

Type	Values Removed	Values Added
Description		Stack-based buffer overflow vulnerability in Softing Industrial Automation GmbH gateways allows overflow buffers. This issue affects pnGate: through 1.30 epGate: through 1.30 mbGate: through 1.30 smartLink HW-DP: through 1.30 smartLink HW-PN: through 1.01.
Title		Data collection for dowloading leads into buffer overflow
First Time appeared		Softing Softing epgate Softing mbgate Softing pngate Softing smartlink Hw-dp Softing smartlink Hw-pn
Weaknesses		CWE-121
CPEs		cpe:2.3:a:softing:epgate:::::::: cpe:2.3:a:softing:mbgate:::::::: cpe:2.3:a:softing:pngate:::::::: cpe:2.3:a:softing:pngate:1.34:::::::* cpe:2.3:a:softing:smartlink_hw-dp:::::::: cpe:2.3:a:softing:smartlink_hw-dp:1.31:::::::* cpe:2.3:a:softing:smartlink_hw-pn:::::::: cpe:2.3:a:softing:smartlink_hw-pn:1.02:::::::*
Vendors & Products		Softing Softing epgate Softing mbgate Softing pngate Softing smartlink Hw-dp Softing smartlink Hw-pn
References		https://industrial.softing.com/fileadmin/psirt/downloads/2023/CVE-2023-7339.html https://industrial.softing.com/fileadmin/psirt/downloads/2023/CVE-2023-7339.json
Metrics		cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Subscriptions

Softing Epgate Mbgate Pngate Smartlink Hw-dp Smartlink Hw-pn

MITRE

Status: PUBLISHED

Assigner: Softing

Published: 2026-03-27T10:53:07.778Z

Updated: 2026-03-27T12:21:25.031Z

Reserved: 2026-03-27T10:08:58.402Z

Link: CVE-2023-7339

Vulnrichment

Updated: 2026-03-27T12:21:08.049Z

NVD

Status : Awaiting Analysis

Published: 2026-03-27T11:16:01.863

Modified: 2026-03-30T13:26:29.793

Link: CVE-2023-7339

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-30T07:59:45Z

Weaknesses

CWE-121

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object