{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-14028", "assignerOrgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd", "state": "PUBLISHED", "assignerShortName": "Softing", "dateReserved": "2026-03-23T15:31:51.510Z", "datePublished": "2026-03-27T05:53:40.991Z", "dateUpdated": "2026-03-27T05:53:40.991Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd", "shortName": "Softing", "dateUpdated": "2026-03-27T05:53:40.991Z"}, "title": "Multiple implicit reads in parallel can result in a crash or denial of service", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-416", "description": "CWE-416 Use after free", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-469", "descriptions": [{"lang": "en", "value": "CAPEC-469 HTTP DoS"}]}], "affected": [{"vendor": "Softing", "product": "smartLink HW-DP", "modules": ["webserver"], "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "1.31", "versionType": "custom"}, {"status": "unaffected", "version": "1.32", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Softing", "product": "smartLink HW-PN", "modules": ["webserver"], "versions": [{"status": "affected", "version": "0", "lessThan": "1.02", "versionType": "custom"}, {"status": "unaffected", "version": "1.02", "versionType": "custom"}], "defaultStatus": "unaffected"}], "cpeApplicability": [{"operator": "OR", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:softing:smartlink_hw-dp:*:*:*:*:*:*:*:*", "versionStartIncluding": "0", "versionEndIncluding": "1.31"}, {"vulnerable": false, "criteria": "cpe:2.3:a:softing:smartlink_hw-dp:1.32:*:*:*:*:*:*:*"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:softing:smartlink_hw-pn:*:*:*:*:*:*:*:*", "versionStartIncluding": "0", "versionEndExcluding": "1.02"}, {"vulnerable": false, "criteria": "cpe:2.3:a:softing:smartlink_hw-pn:1.02:*:*:*:*:*:*:*"}]}]}], "descriptions": [{"lang": "en", "value": "Use after free vulnerability in Softing smartLink HW-DP or smartLink HW-PN webserver allows HTTP DoS.\nThis issue affects:\nsmartLink HW-DP: through 1.31\nsmartLink HW-PN: before 1.02.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Use after free vulnerability in Softing smartLink HW-DP or smartLink HW-PN webserver allows HTTP DoS.<br>This issue affects:<br>smartLink HW-DP: through 1.31<br>smartLink HW-PN: before 1.02.</p>"}]}], "references": [{"url": "https://industrial.softing.com/fileadmin/psirt/downloads/2024/CVE-2024-14028.html"}, {"url": "https://industrial.softing.com/fileadmin/psirt/downloads/2024/CVE-2024-14028.json"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}}], "solutions": [{"lang": "en", "value": "Update firmware for\nsmartLink HW-DP: to 1.32\nsmartLink HW-PN: to 1.02.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Update firmware for<br>smartLink HW-DP: to 1.32<br>smartLink HW-PN: to 1.02.</p>"}]}], "source": {"discovery": "INTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Use after free vulnerability in Softing smartLink HW-DP or smartLink HW-PN webserver allows HTTP DoS.\nThis issue affects:\nsmartLink HW-DP: through 1.31\nsmartLink HW-PN: before 1.02."}], "id": "CVE-2024-14028", "lastModified": "2026-03-27T06:16:35.863", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "10de8ef9-5c89-4b17-8228-e97b74acf4bd", "type": "Secondary"}]}, "published": "2026-03-27T06:16:35.863", "references": [{"source": "10de8ef9-5c89-4b17-8228-e97b74acf4bd", "url": "https://industrial.softing.com/fileadmin/psirt/downloads/2024/CVE-2024-14028.html"}, {"source": "10de8ef9-5c89-4b17-8228-e97b74acf4bd", "url": "https://industrial.softing.com/fileadmin/psirt/downloads/2024/CVE-2024-14028.json"}], "sourceIdentifier": "10de8ef9-5c89-4b17-8228-e97b74acf4bd", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "10de8ef9-5c89-4b17-8228-e97b74acf4bd", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-03-27T07:20:38.773747+00:00", "value": {"mitigation_remediation": ["Update firmware for smartLink HW-DP to version 1.32", "Update firmware for smartLink HW-PN to version 1.02"], "summary": {"action": "Patch Firmware", "impact": "Denial of Service via HTTP"}, "threat_synthesis": {"affected_systems": "The flaw affects Softing smartLink HW-DP firmware versions up to and including 1.31, and Softing smartLink HW-PN firmware versions before 1.02. Devices running any of these firmware releases are susceptible to the vulnerability.", "description_and_impact": "Use-after-free vulnerability in the webserver of Softing smartLink HW-DP and HW-PN devices can cause the server to crash or become unavailable when multiple implicit reads are performed in parallel. The flaw originates from improper memory handling after an object has been freed (CWE-416), leading to a denial-of-service condition that disrupts the device\u2019s network services.", "risk_and_exploitability": "The CVSS base score is 6.5, indicating a medium severity level. Exploit probability data (EPSS) is not available, and the vulnerability is not listed in the CISA KEV catalog. Attackers can trigger the flaw remotely by sending crafted HTTP requests to the device over its network interface; no local privilege is required. Because the device may be exposed in industrial control environments, an unpatched unit could experience periods of unusability due to repeated crashes."}}}}, "created": "2026-03-27T09:22:06.350421+00:00", "updated": "2026-03-27T09:22:06.350443+00:00", "vendors": []}