Description
NULL Pointer Dereference vulnerability in Softing Industrial Automation GmbH smartLink SW-HT (Webserver modules) allows HTTP DoS.This issue affects smartLink SW-HT: 1.43.
Published: 2026-03-17
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

A null pointer dereference in the smartLink SW-HT webserver modules is triggered by scanning for higher HART revision devices. The vulnerability causes the webserver to crash, leading to a denial of service. It is identified as a CWE-476 weakness, affecting the availability of the device without compromising confidentiality or integrity.

Affected Systems

Softing Industrial Automation GmbH smartLink SW-HT Webserver modules are affected. The vulnerability impacts firmware version 1.43, as indicated by the vendor advisory and the listed CPE string. No other versions are listed as affected.

Risk and Exploitability

The CVSS score is 6.8, reflecting moderate severity. EPSS data are not available, so the likelihood of exploitation cannot be quantified. The vulnerability is not in the CISA KEV catalog. Exploit requires an HTTP request to the webserver, implying a local or network‑based attack vector. The risk is moderate, and the vulnerability is exploitable by any host that can reach the webserver over HTTP.

Generated by OpenCVE AI on March 17, 2026 at 16:46 UTC.

Remediation

Vendor Solution

Update smartLink SW-HT to patch V1.43.1 firmware.

OpenCVE Recommended Actions

  • Update the smartLink SW-HT firmware to version 1.43.1 according to the vendor patch.
  • If immediate patching is not possible, block or restrict HTTP access to the webserver’s management interface from untrusted networks.

Generated by OpenCVE AI on March 17, 2026 at 16:46 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 27 Mar 2026 09:30:00 +0000

Type Values Removed Values Added
References

Fri, 27 Mar 2026 08:30:00 +0000

Type Values Removed Values Added
References

Tue, 17 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 17 Mar 2026 14:45:00 +0000

Type Values Removed Values Added
Description NULL Pointer Dereference vulnerability in Softing Industrial Automation GmbH smartLink SW-HT (Webserver modules) allows HTTP DoS.This issue affects smartLink SW-HT: 1.43.
Title Scanning for higher HART revision device leads into NULL pointer dereference in live list
First Time appeared Softing
Softing smartlink Sw-ht
Weaknesses CWE-476
CPEs cpe:2.3:a:softing:smartlink_sw-ht:1.43.1:*:*:*:*:*:*:*
cpe:2.3:a:softing:smartlink_sw-ht:1.43:*:*:*:*:*:*:*
Vendors & Products Softing
Softing smartlink Sw-ht
References
Metrics cvssV4_0

{'score': 6.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/AU:Y/R:A/RE:L/U:Red'}

Subscriptions

Softing Smartlink Sw-ht
cve-icon MITRE

Status: PUBLISHED

Assigner: Softing

Published:

Updated: 2026-03-27T08:09:49.360Z

Reserved: 2025-11-19T14:07:24.595Z

Link: CVE-2025-13406

cve-icon Vulnrichment

Updated: 2026-03-17T14:49:58.782Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-17T15:16:15.143

Modified: 2026-03-27T09:16:18.277

Link: CVE-2025-13406

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-24T10:49:17Z

Weaknesses