Description
Heap-based buffer overflow vulnerability in Softing Industrial Automation GmbH smartLink SW-PN and smartLink SW-HT (Webserver modules) allows overflow buffers. This issue affects:

smartLink SW-PN: through 1.03

smartLink SW-HT: through 1.42
Published: 2026-03-16
Score: 7.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Heap Buffer Overflow
Action: Patch
AI Analysis

Impact

A heap‑based buffer overflow exists in Softing Industrial Automation GmbH smartLink SW-PN and SW-HT webserver modules. The flaw is triggered by an HTTP POST request with a specific higher content length, allowing the overflow of internal buffers. This vulnerability can potentially lead to arbitrary code execution or corruption of system memory, compromising the confidentiality, integrity, and availability of the affected device.

Affected Systems

Softing smartLink SW-PN versions 1.03 and earlier, and smartLink SW-HT versions 1.42 and earlier are affected. The vendor lists the affected products as Softing:smartLink SW-PN and Softing:smartLink SW-HT with the corresponding vulnerable firmware ranges.

Risk and Exploitability

The CVSS score for this vulnerability is 7.7, indicating a high severity. EPSS data is not available, and the vulnerability is not present in the CISA KEV catalog. Based on the description, the likely attack vector is remote, involving a malicious HTTP POST request over the network. The exploitation requires sending a specially crafted payload to the webserver, and no additional conditions are stated. The risk is therefore high for organizations running affected firmware on exposed networks.

Generated by OpenCVE AI on March 17, 2026 at 11:22 UTC.

Remediation

Vendor Solution

Update firmware: smartLink SW-PN to 1.04; smartLink SW-HT to 1.43.


OpenCVE Recommended Actions

  • Apply vendor firmware update to smartLink SW-PN 1.04
  • Apply vendor firmware update to smartLink SW-HT 1.43


Advisories

No advisories yet.

History

Fri, 27 Mar 2026 09:30:00 +0000


Fri, 27 Mar 2026 08:30:00 +0000


Mon, 16 Mar 2026 15:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 16 Mar 2026 13:45:00 +0000

Type | Values Removed | Values Added
Description | | Heap-based buffer overflow vulnerability in Softing Industrial Automation GmbH smartLink SW-PN and smartLink SW-HT (Webserver modules) allows overflow buffers. This issue affects: smartLink SW-PN: through 1.03 smartLink SW-HT: through 1.42
Title | | HTTP POST with specific higher content length leads into heap corruption
First Time appeared | | Softing, Softing smartlink Sw-ht, Softing smartlink Sw-pn
Weaknesses | | CWE-122
CPEs | | cpe:2.3:a:softing:smartlink_sw-ht:*:*:*:*:*:*:*:*, cpe:2.3:a:softing:smartlink_sw-ht:1.43:*:*:*:*:*:*:*, cpe:2.3:a:softing:smartlink_sw-pn:*:*:*:*:*:*:*:*, cpe:2.3:a:softing:smartlink_sw-pn:1.04:*:*:*:*:*:*:*
Vendors & Products | | Softing, Softing smartlink Sw-ht, Softing smartlink Sw-pn
References | |
Metrics | | cvssV4_0: {'score': 7.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/AU:Y/R:A/RE:L/U:Red'}


MITRE

Status: PUBLISHED

Assigner: Softing

Published:

Updated: 2026-03-27T08:12:30.109Z

Reserved: 2025-09-18T12:45:55.230Z

Link: CVE-2025-10685

Vulnrichment

Updated: 2026-03-16T14:41:56.569Z

NVD

Status: Awaiting Analysis

Published: 2026-03-16T14:17:53.890

Modified: 2026-03-27T09:16:18.103

Link: CVE-2025-10685

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-24T10:44:31Z

Weaknesses