CVE-2023-7339
Received - Intake
Stack-Based Buffer Overflow in Softing Industrial Gateways

Publication date: 2026-03-27

Last updated on: 2026-03-27

Assigner: Softing

Description
Stack-based buffer overflow vulnerability in Softing Industrial Automation GmbH gateways allows overflow buffers. This issue affects pnGate: through 1.30; epGate: through 1.30; mbGate: through 1.30; smartLink HW-DP: through 1.30; smartLink HW-PN: through 1.01.
Meta Information
Published: 2026-03-27
Last Modified: 2026-03-27
Generated: 2026-05-27
AI Q&A: 2026-03-27
EPSS Evaluated: 2026-05-25
Affected Vendors & Products
Showing 5 associated CPEs
Vendor | Product | Version / Range
softing_industrial_automation_gmbh | pngate | to 1.30 (inc)
softing_industrial_automation_gmbh | epgate | to 1.30 (inc)
softing_industrial_automation_gmbh | mbgate | to 1.30 (inc)
softing_industrial_automation_gmbh | smartlink_hw_dp | to 1.30 (inc)
softing_industrial_automation_gmbh | smartlink_hw_pn | to 1.01 (inc)
CWE ID | Description
CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a stack-based buffer overflow found in Softing Industrial Automation GmbH gateways. It allows buffers to be overflowed, which can lead to unexpected behavior or crashes in the affected devices.

  • Affected products include pnGate, epGate, mbGate, smartLink HW-DP, and smartLink HW-PN with versions up to 1.30 or 1.01 depending on the product.

How can this vulnerability impact me?

The vulnerability can cause a denial of service by crashing the affected gateway devices due to the stack-based buffer overflow. This can disrupt industrial automation processes that rely on these gateways.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability described in CVE-2023-7339 affects availability only, with no impact on confidentiality or integrity of data.

Since the vulnerability does not lead to loss or compromise of personal or sensitive data, it does not directly affect compliance with data protection regulations such as GDPR or HIPAA.

However, the availability impact could indirectly affect operational requirements under such standards if the affected systems are critical to compliance processes.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability affects specific versions of Softing Industrial Automation GmbH gateways, including pnGate, epGate, mbGate, smartLink HW-DP, and smartLink HW-PN. Detection involves identifying if these affected versions are present on your network or system.

You can detect the vulnerability by checking the software versions of the affected products. For example, use commands or tools to query the version of the gateway software installed.

  • For Linux-based systems, use commands like `ssh user@device 'software_version_command'` (where `software_version_command` is a placeholder for the device's own version command) or `snmpwalk` to query device information.
  • Check network traffic for unusual or malformed data packets targeting these gateways, which might indicate exploitation attempts.
  • Use network scanning tools to identify devices running the affected gateway software versions.

Specific commands depend on the device and environment; however, verifying the version against the vulnerable versions (up to 1.30 for most products, 1.01 for smartLink HW-PN) is essential.
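
One way to do the version comparison described above, as an added example (not code from Softing or from this page's sources): it triages a device inventory against the affected and fixed versions listed on this page. The inventory rows, hostnames, status names and the dotted-numeric version comparison are assumptions.

```python
# Last affected / first fixed versions as listed on this page;
# None = the page lists no fixed version for that product.
AFFECTED = {
    "pngate":        ("1.30", "1.34"),
    "epgate":        ("1.30", None),
    "mbgate":        ("1.30", None),
    "smartlinkhwdp": ("1.30", "1.31"),
    "smartlinkhwpn": ("1.01", "1.02"),
}

def parse_version(text):
    """'V1.30' -> (1, 30). Assumes dotted numeric versions (so 1.4 < 1.30)."""
    parts = text.strip().lstrip("vV").split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    nums = [int(p) for p in parts]
    while len(nums) > 1 and nums[-1] == 0:   # treat 1.30.0 the same as 1.30
        nums.pop()
    return tuple(nums)

def assess(product, version):
    """Return 'affected', 'fixed', 'unconfirmed', 'not_listed' or 'unparseable'."""
    key = "".join(c for c in product.lower() if c.isalnum())
    if key not in AFFECTED:
        return "not_listed"
    last_affected, first_fixed = AFFECTED[key]
    try:
        v = parse_version(version)
    except ValueError:
        return "unparseable"          # needs a manual check, not a pass
    if v <= parse_version(last_affected):
        return "affected"
    if first_fixed is not None and v >= parse_version(first_fixed):
        return "fixed"
    return "unconfirmed"              # the page makes no statement for this version

# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = [
    ("gw-line1", "pnGate", "1.30"),
    ("gw-line2", "pnGate", "V1.34"),
    ("gw-line3", "pnGate", "1.32"),
    ("gw-pack1", "epGate", "1.31"),
    ("gw-pack2", "smartLink HW-PN", "1.01"),
    ("gw-lab1", "mbGate", "unknown"),
]

def triage(inventory):
    return {host: assess(prod, ver) for host, prod, ver in inventory}

print(triage(INVENTORY))
```

Rows reported as "unconfirmed" or "unparseable" are the ones to check against Softing's advisory by hand, since the page gives no fixed version for epGate and mbGate.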


What immediate steps should I take to mitigate this vulnerability?

The primary mitigation step is to upgrade the affected Softing Industrial Automation GmbH gateway products to the fixed versions.

  • Upgrade pnGate to version 1.34 or later.
  • Upgrade smartLink HW-DP to version 1.31 or later.
  • Upgrade smartLink HW-PN to version 1.02 or later.
  • For epGate and mbGate, check for any available updates or patches from Softing, as the fixed versions are not explicitly listed.

Additionally, restrict network access to these devices to trusted sources only, monitor for unusual activity, and apply standard network security best practices to reduce exposure.

