Platform: other
Component: softing-smartlink-hw-dp-hw-pn-webserver
Fixed in: 1.31.1, 1.02
CVE-2024-14028 describes a denial-of-service (DoS) vulnerability affecting the Softing smartLink HW-DP and HW-PN webserver. This vulnerability stems from a use-after-free condition triggered by malicious HTTP requests, potentially causing the server to crash or become unresponsive. The vulnerability impacts smartLink HW-DP versions up to 1.31 and smartLink HW-PN versions before 1.02. A fix is available in version 1.02.
Successful exploitation of CVE-2024-14028 allows an attacker to induce a denial-of-service condition on the affected Softing smartLink HW-DP or HW-PN webserver. This means legitimate users and applications relying on the webserver will be unable to access its functionality. The impact can range from temporary service disruption to complete system unavailability, potentially impacting industrial control systems or data acquisition processes where these devices are deployed. While the vulnerability doesn't directly lead to data exfiltration or remote code execution, the DoS can be used as a distraction technique or to disrupt critical operations.
CVE-2024-14028 was publicly disclosed on 2026-03-27. There is no indication of active exploitation or inclusion in the CISA KEV catalog at this time. Public proof-of-concept (PoC) exploits are not currently available, but the use-after-free nature of the vulnerability suggests that exploitation is possible with sufficient effort. The vulnerability's impact is primarily limited to DoS, reducing the immediate urgency compared to vulnerabilities with more severe consequences.
Exploit Status
EPSS: 0.04% (11th percentile)
The primary mitigation for CVE-2024-14028 is to upgrade the Softing smartLink HW-DP or HW-PN webserver to version 1.02 or later. If an immediate upgrade is not feasible due to compatibility concerns or system downtime requirements, consider implementing rate limiting on the webserver to restrict the number of HTTP requests from a single source. Web application firewalls (WAFs) can also be configured to detect and block malicious HTTP request patterns that could trigger the use-after-free condition. After upgrading, verify the fix by attempting to trigger the vulnerability with known malicious HTTP requests and confirming that the server remains stable.
Update the firmware of Softing smartLink HW-DP to a version later than 1.31 and smartLink HW-PN to version 1.02 or later. This will resolve the use-after-free vulnerability that allows denial of service (DoS) attacks via HTTP.
CVE-2024-14028 is a denial-of-service vulnerability in the Softing smartLink HW-DP and HW-PN webserver, allowing attackers to crash the server via HTTP requests. It has a medium severity rating (CVSS 6.5).
You are affected if you are using smartLink HW-DP versions ≤1.31 or smartLink HW-PN versions before 1.02. Check your current version against the affected ranges.
Upgrade to version 1.02 or later. If immediate upgrade is not possible, implement rate limiting and consider WAF rules to mitigate the risk.
There is currently no evidence of active exploitation, but the vulnerability's nature suggests potential for exploitation.
Refer to the Softing security advisory for detailed information and instructions: [https://www.softing.com/security-advisories/](https://www.softing.com/security-advisories/)
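To check devices against the affected ranges given above (smartLink HW-DP ≤1.31, smartLink HW-PN before 1.02), the following added example triages an asset inventory; it is not Softing's or this page's own code. The inventory entries are constructed, and it assumes firmware versions are dotted numbers compared component by component.

```python
import re

# Affected ranges as stated on this page: HW-DP <= 1.31, HW-PN < 1.02.
# Value is (boundary version, whether the boundary itself is affected).
AFFECTED = {
    "smartLink HW-DP": ((1, 31), True),
    "smartLink HW-PN": ((1, 2), False),
}

def parse_version(text):
    """Turn '1.31.1' or 'V1.02' into a tuple of ints; reject anything else."""
    m = re.fullmatch(r"[vV]?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    while len(parts) > 1 and parts[-1] == 0:  # treat 1.31.0 as 1.31
        parts.pop()
    return tuple(parts)

def is_affected(product, version):
    """True/False for known products; None when product or version is unknown."""
    rule = AFFECTED.get(product)
    if rule is None:
        return None
    try:
        v = parse_version(version)
    except ValueError:
        return None  # unreadable version: needs a manual check, not "safe"
    boundary, inclusive = rule
    return v <= boundary if inclusive else v < boundary

# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = [
    ("gw-line1", "smartLink HW-DP", "1.31"),
    ("gw-line2", "smartLink HW-DP", "1.31.1"),
    ("gw-line4", "smartLink HW-PN", "1.01"),
    ("gw-line5", "smartLink HW-PN", "V1.02"),
    ("gw-line6", "smartLink HW-PN", "unknown"),
]

def triage(inventory):
    """Split hosts into affected / ok / needs manual review."""
    out = {"affected": [], "ok": [], "review": []}
    for host, product, version in inventory:
        verdict = is_affected(product, version)
        key = "review" if verdict is None else ("affected" if verdict else "ok")
        out[key].append(host)
    return out

if __name__ == "__main__":
    print(triage(INVENTORY))
```

Hosts that land in "review" have a version string the parser could not read and should be checked by hand rather than assumed patched.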