SoftingIndustrial / OPC-Classic-SDK

Softing OPC Classic SDK
https://industrial.softing.com/de/produkte/opc-ua-und-opc-classic-sdks.html
MIT License
55 stars 24 forks source link

Vulnerable copy of libexpat in folder /development/core/src/SOCmn/expat? #1

Closed hartwork closed 3 years ago

hartwork commented 3 years ago

Hi!

From a quick look, the copy of libexpat at https://github.com/SoftingIndustrial/OPC-Classic-SDK/tree/main/development/core/src/SOCmn/expat is old and vulnerable — every release before 2.2.8 is. Are you aware?

Best, Sebastian

FischerSeb commented 3 years ago

Hi, we are aware of this issue. This applies if you are using OPC-XML. This functionality in this product was discontinued from Softing long before those vulnerabilities were known. Therefore we did not fix this issues.