Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-2336 (GCVE-0-2022-2336)
Vulnerability from cvelistv5 – Published: 2022-08-17 20:07 – Updated: 2025-04-16 16:13
VLAI
EPSS
Title
Softing Secure Integration Server Improper Authentication
Summary
Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with the default administrator credentials as `admin` and password as `admin`. This allows Softing to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the `admin` password. There is no warning or prompt to ask the user to change the default password, and to change the password, many steps are required.
Severity
9.8 (Critical)
CWE
- CWE-287 - Improper Authentication
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-2… | x_refsource_CONFIRM |
| https://industrial.softing.com/fileadmin/psirt/do… | x_refsource_CONFIRM |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Softing | Secure Integration Server |
Affected:
V1.22
|
|
| Softing | edgeConnector Siemens |
Affected:
V3.10
|
|
| Softing | edgeConnector 840D |
Affected:
V3.10
|
|
| Softing | edgeConnector Modbus |
Affected:
V3.10
|
|
| Softing | edgeAggregator |
Affected:
V3.10
|
Credits
Pedro Ribeiro and Radek Domanski, working with Trend Micro Zero Day Initiative, reported these vulnerabilities to Softing and CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:09.614Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-6.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2336",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:53:43.764724Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:13:22.673Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Secure Integration Server",
"vendor": "Softing",
"versions": [
{
"status": "affected",
"version": "V1.22"
}
]
},
{
"product": "edgeConnector Siemens",
"vendor": "Softing",
"versions": [
{
"status": "affected",
"version": "V3.10"
}
]
},
{
"product": "edgeConnector 840D",
"vendor": "Softing",
"versions": [
{
"status": "affected",
"version": "V3.10"
}
]
},
{
"product": "edgeConnector Modbus",
"vendor": "Softing",
"versions": [
{
"status": "affected",
"version": "V3.10"
}
]
},
{
"product": "edgeAggregator",
"vendor": "Softing",
"versions": [
{
"status": "affected",
"version": "V3.10"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Pedro Ribeiro and Radek Domanski, working with Trend Micro Zero Day Initiative, reported these vulnerabilities to Softing and CISA."
}
],
"descriptions": [
{
"lang": "en",
"value": "Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with the default administrator credentials as `admin` and password as `admin`. This allows Softing to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the `admin` password. There is no warning or prompt to ask the user to change the default password, and to change the password, many steps are required."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T20:07:46.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-6.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Softing released new versions to address these vulnerabilities and notified known users of the releases. Users are advised to update to the new versions:\nSofting Secure Integration Server V1.30 \n\nThe latest software packages can be downloaded from the Softing website. \n\nSofting recommends the following mitigations and workarounds: \nChange the admin password or create a new user with administrative rights and delete the default admin user. \nConfigure the Windows firewall to block network requests to IP port 9000. \nDisable the HTTP Server in NGINX configuration of the Softing Secure Integration Server, only using the HTTPS server. \nFor more details on these vulnerabilities and mitigations, users should see SYT-2022-6 on the Softing security website."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Softing Secure Integration Server Improper Authentication",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2022-2336",
"STATE": "PUBLIC",
"TITLE": "Softing Secure Integration Server Improper Authentication"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Secure Integration Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V1.22"
}
]
}
},
{
"product_name": "edgeConnector Siemens",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V3.10"
}
]
}
},
{
"product_name": "edgeConnector 840D",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V3.10"
}
]
}
},
{
"product_name": "edgeConnector Modbus",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V3.10"
}
]
}
},
{
"product_name": "edgeAggregator",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V3.10"
}
]
}
}
]
},
"vendor_name": "Softing"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Pedro Ribeiro and Radek Domanski, working with Trend Micro Zero Day Initiative, reported these vulnerabilities to Softing and CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with the default administrator credentials as `admin` and password as `admin`. This allows Softing to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the `admin` password. There is no warning or prompt to ask the user to change the default password, and to change the password, many steps are required."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
},
{
"name": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-6.html",
"refsource": "CONFIRM",
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-6.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Softing released new versions to address these vulnerabilities and notified known users of the releases. Users are advised to update to the new versions:\nSofting Secure Integration Server V1.30 \n\nThe latest software packages can be downloaded from the Softing website. \n\nSofting recommends the following mitigations and workarounds: \nChange the admin password or create a new user with administrative rights and delete the default admin user. \nConfigure the Windows firewall to block network requests to IP port 9000. \nDisable the HTTP Server in NGINX configuration of the Softing Secure Integration Server, only using the HTTPS server. \nFor more details on these vulnerabilities and mitigations, users should see SYT-2022-6 on the Softing security website."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-2336",
"datePublished": "2022-08-17T20:07:46.000Z",
"dateReserved": "2022-07-06T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:13:22.673Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-2336",
"date": "2026-05-27",
"epss": "0.00239",
"percentile": "0.46964"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:softing:edgeaggregator:3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C0E07A55-5FA0-402D-BB22-FA8D3D8C484D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:softing:edgeconnector:3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"62FE322E-A720-4E08-9058-3BAC295E720B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:softing:opc:5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A9916828-8213-47D4-B294-8112B241F32C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:softing:opc_ua_c\\\\+\\\\+_software_development_kit:6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BA185EBD-8048-4B1C-A476-4AE61831ACF7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:softing:secure_integration_server:1.22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0BF8EC24-9C94-4C55-A496-5DD524B981C4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:softing:uagates:1.74:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2DD68DEC-1E1C-456F-8FC2-F3EF9A72B012\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with the default administrator credentials as `admin` and password as `admin`. This allows Softing to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the `admin` password. There is no warning or prompt to ask the user to change the default password, and to change the password, many steps are required.\"}, {\"lang\": \"es\", \"value\": \"Softing Secure Integration Server, edgeConnector y edgeAggregator son enviados con las credenciales de administrador por defecto como \\\"admin\\\" y la contrase\\u00f1a como \\\"admin\\\". Esto permite a Softing iniciar sesi\\u00f3n en el servidor directamente para llevar a cabo funciones administrativas. Tras la instalaci\\u00f3n o el primer inicio de sesi\\u00f3n, la aplicaci\\u00f3n no pide al usuario que cambie la contrase\\u00f1a \\\"admin\\\". No se presenta ninguna advertencia o aviso para pedir al usuario que cambie la contrase\\u00f1a por defecto, y para cambiar la contrase\\u00f1a, son requeridos muchos pasos.\"}]",
"id": "CVE-2022-2336",
"lastModified": "2024-11-21T07:00:47.640",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
"published": "2022-08-17T21:15:09.137",
"references": "[{\"url\": \"https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-6.html\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-6.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}]",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-2336\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2022-08-17T21:15:09.137\",\"lastModified\":\"2024-11-21T07:00:47.640\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with the default administrator credentials as `admin` and password as `admin`. This allows Softing to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the `admin` password. There is no warning or prompt to ask the user to change the default password, and to change the password, many steps are required.\"},{\"lang\":\"es\",\"value\":\"Softing Secure Integration Server, edgeConnector y edgeAggregator son enviados con las credenciales de administrador por defecto como \\\"admin\\\" y la contrase\u00f1a como \\\"admin\\\". Esto permite a Softing iniciar sesi\u00f3n en el servidor directamente para llevar a cabo funciones administrativas. Tras la instalaci\u00f3n o el primer inicio de sesi\u00f3n, la aplicaci\u00f3n no pide al usuario que cambie la contrase\u00f1a \\\"admin\\\". No se presenta ninguna advertencia o aviso para pedir al usuario que cambie la contrase\u00f1a por defecto, y para cambiar la contrase\u00f1a, son requeridos muchos pasos.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:softing:edgeaggregator:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0E07A55-5FA0-402D-BB22-FA8D3D8C484D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:softing:edgeconnector:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62FE322E-A720-4E08-9058-3BAC295E720B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:softing:opc:5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9916828-8213-47D4-B294-8112B241F32C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:softing:opc_ua_c\\\\+\\\\+_software_development_kit:6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA185EBD-8048-4B1C-A476-4AE61831ACF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:softing:secure_integration_server:1.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0BF8EC24-9C94-4C55-A496-5DD524B981C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:softing:uagates:1.74:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DD68DEC-1E1C-456F-8FC2-F3EF9A72B012\"}]}]}],\"references\":[{\"url\":\"https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-6.html\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-6.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-6.html\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T00:32:09.614Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-2336\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-16T15:53:43.764724Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-16T15:53:45.558Z\"}}], \"cna\": {\"title\": \"Softing Secure Integration Server Improper Authentication\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"value\": \"Pedro Ribeiro and Radek Domanski, working with Trend Micro Zero Day Initiative, reported these vulnerabilities to Softing and CISA.\"}], \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Softing\", \"product\": \"Secure Integration Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"V1.22\"}]}, {\"vendor\": \"Softing\", \"product\": \"edgeConnector Siemens\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.10\"}]}, {\"vendor\": \"Softing\", \"product\": \"edgeConnector 840D\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.10\"}]}, {\"vendor\": \"Softing\", \"product\": \"edgeConnector Modbus\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.10\"}]}, {\"vendor\": \"Softing\", \"product\": \"edgeAggregator\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.10\"}]}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Softing released new versions to address these vulnerabilities and notified known users of the releases. Users are advised to update to the new versions:\\nSofting Secure Integration Server V1.30 \\n\\nThe latest software packages can be downloaded from the Softing website. \\n\\nSofting recommends the following mitigations and workarounds: \\nChange the admin password or create a new user with administrative rights and delete the default admin user. \\nConfigure the Windows firewall to block network requests to IP port 9000. \\nDisable the HTTP Server in NGINX configuration of the Softing Secure Integration Server, only using the HTTPS server. \\nFor more details on these vulnerabilities and mitigations, users should see SYT-2022-6 on the Softing security website.\"}], \"references\": [{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-6.html\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with the default administrator credentials as `admin` and password as `admin`. This allows Softing to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the `admin` password. There is no warning or prompt to ask the user to change the default password, and to change the password, many steps are required.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-287\", \"description\": \"CWE-287: Improper Authentication\"}]}], \"providerMetadata\": {\"orgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"shortName\": \"icscert\", \"dateUpdated\": \"2022-08-17T20:07:46.000Z\"}, \"x_legacyV4Record\": {\"credit\": [{\"lang\": \"eng\", \"value\": \"Pedro Ribeiro and Radek Domanski, working with Trend Micro Zero Day Initiative, reported these vulnerabilities to Softing and CISA.\"}], \"impact\": {\"cvss\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, \"source\": {\"discovery\": \"EXTERNAL\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"V1.22\", \"version_affected\": \"=\"}]}, \"product_name\": \"Secure Integration Server\"}, {\"version\": {\"version_data\": [{\"version_value\": \"V3.10\", \"version_affected\": \"=\"}]}, \"product_name\": \"edgeConnector Siemens\"}, {\"version\": {\"version_data\": [{\"version_value\": \"V3.10\", \"version_affected\": \"=\"}]}, \"product_name\": \"edgeConnector 840D\"}, {\"version\": {\"version_data\": [{\"version_value\": \"V3.10\", \"version_affected\": \"=\"}]}, \"product_name\": \"edgeConnector Modbus\"}, {\"version\": {\"version_data\": [{\"version_value\": \"V3.10\", \"version_affected\": \"=\"}]}, \"product_name\": \"edgeAggregator\"}]}, \"vendor_name\": \"Softing\"}]}}, \"solution\": [{\"lang\": \"en\", \"value\": \"Softing released new versions to address these vulnerabilities and notified known users of the releases. Users are advised to update to the new versions:\\nSofting Secure Integration Server V1.30 \\n\\nThe latest software packages can be downloaded from the Softing website. \\n\\nSofting recommends the following mitigations and workarounds: \\nChange the admin password or create a new user with administrative rights and delete the default admin user. \\nConfigure the Windows firewall to block network requests to IP port 9000. \\nDisable the HTTP Server in NGINX configuration of the Softing Secure Integration Server, only using the HTTPS server. \\nFor more details on these vulnerabilities and mitigations, users should see SYT-2022-6 on the Softing security website.\"}], \"data_type\": \"CVE\", \"generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"references\": {\"reference_data\": [{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04\", \"name\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-6.html\", \"name\": \"https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-6.html\", \"refsource\": \"CONFIRM\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with the default administrator credentials as `admin` and password as `admin`. This allows Softing to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the `admin` password. There is no warning or prompt to ask the user to change the default password, and to change the password, many steps are required.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-287: Improper Authentication\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2022-2336\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Softing Secure Integration Server Improper Authentication\", \"ASSIGNER\": \"ics-cert@hq.dhs.gov\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-2336\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-16T16:13:22.673Z\", \"dateReserved\": \"2022-07-06T00:00:00.000Z\", \"assignerOrgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"datePublished\": \"2022-08-17T20:07:46.000Z\", \"assignerShortName\": \"icscert\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
FKIE_CVE-2022-2336
Vulnerability from fkie_nvd - Published: 2022-08-17 21:15 - Updated: 2024-11-21 07:00
Severity
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with the default administrator credentials as `admin` and password as `admin`. This allows Softing to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the `admin` password. There is no warning or prompt to ask the user to change the default password, and to change the password, many steps are required.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-6.html | Mitigation, Vendor Advisory | |
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-6.html | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| softing | edgeaggregator | 3.1 | |
| softing | edgeconnector | 3.1 | |
| softing | opc | 5.2 | |
| softing | opc_ua_c\+\+_software_development_kit | 6 | |
| softing | secure_integration_server | 1.22 | |
| softing | uagates | 1.74 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:edgeaggregator:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C0E07A55-5FA0-402D-BB22-FA8D3D8C484D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:edgeconnector:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "62FE322E-A720-4E08-9058-3BAC295E720B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:opc:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9916828-8213-47D4-B294-8112B241F32C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:opc_ua_c\\+\\+_software_development_kit:6:*:*:*:*:*:*:*",
"matchCriteriaId": "BA185EBD-8048-4B1C-A476-4AE61831ACF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:secure_integration_server:1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "0BF8EC24-9C94-4C55-A496-5DD524B981C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:uagates:1.74:*:*:*:*:*:*:*",
"matchCriteriaId": "2DD68DEC-1E1C-456F-8FC2-F3EF9A72B012",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with the default administrator credentials as `admin` and password as `admin`. This allows Softing to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the `admin` password. There is no warning or prompt to ask the user to change the default password, and to change the password, many steps are required."
},
{
"lang": "es",
"value": "Softing Secure Integration Server, edgeConnector y edgeAggregator son enviados con las credenciales de administrador por defecto como \"admin\" y la contrase\u00f1a como \"admin\". Esto permite a Softing iniciar sesi\u00f3n en el servidor directamente para llevar a cabo funciones administrativas. Tras la instalaci\u00f3n o el primer inicio de sesi\u00f3n, la aplicaci\u00f3n no pide al usuario que cambie la contrase\u00f1a \"admin\". No se presenta ninguna advertencia o aviso para pedir al usuario que cambie la contrase\u00f1a por defecto, y para cambiar la contrase\u00f1a, son requeridos muchos pasos."
}
],
"id": "CVE-2022-2336",
"lastModified": "2024-11-21T07:00:47.640",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-17T21:15:09.137",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-6.html"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-6.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
}
]
}
GHSA-RVXF-X8J2-F3X9
Vulnerability from github – Published: 2022-08-18 00:00 – Updated: 2022-08-23 00:00
VLAI
Details
Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with the default administrator credentials as admin and password as admin. This allows Softing to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the admin password. There is no warning or prompt to ask the user to change the default password, and to change the password, many steps are required.
Severity
9.8 (Critical)
{
"affected": [],
"aliases": [
"CVE-2022-2336"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-17T21:15:00Z",
"severity": "CRITICAL"
},
"details": "Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with the default administrator credentials as `admin` and password as `admin`. This allows Softing to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the `admin` password. There is no warning or prompt to ask the user to change the default password, and to change the password, many steps are required.",
"id": "GHSA-rvxf-x8j2-f3x9",
"modified": "2022-08-23T00:00:18Z",
"published": "2022-08-18T00:00:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2336"
},
{
"type": "WEB",
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-6.html"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2022-2336
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with the default administrator credentials as `admin` and password as `admin`. This allows Softing to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the `admin` password. There is no warning or prompt to ask the user to change the default password, and to change the password, many steps are required.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-2336",
"description": "Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with the default administrator credentials as `admin` and password as `admin`. This allows Softing to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the `admin` password. There is no warning or prompt to ask the user to change the default password, and to change the password, many steps are required.",
"id": "GSD-2022-2336"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-2336"
],
"details": "Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with the default administrator credentials as `admin` and password as `admin`. This allows Softing to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the `admin` password. There is no warning or prompt to ask the user to change the default password, and to change the password, many steps are required.",
"id": "GSD-2022-2336",
"modified": "2023-12-13T01:19:20.203271Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2022-2336",
"STATE": "PUBLIC",
"TITLE": "Softing Secure Integration Server Improper Authentication"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Secure Integration Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V1.22"
}
]
}
},
{
"product_name": "edgeConnector Siemens",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V3.10"
}
]
}
},
{
"product_name": "edgeConnector 840D",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V3.10"
}
]
}
},
{
"product_name": "edgeConnector Modbus",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V3.10"
}
]
}
},
{
"product_name": "edgeAggregator",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V3.10"
}
]
}
}
]
},
"vendor_name": "Softing"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Pedro Ribeiro and Radek Domanski, working with Trend Micro Zero Day Initiative, reported these vulnerabilities to Softing and CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with the default administrator credentials as `admin` and password as `admin`. This allows Softing to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the `admin` password. There is no warning or prompt to ask the user to change the default password, and to change the password, many steps are required."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
},
{
"name": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-6.html",
"refsource": "CONFIRM",
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-6.html"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Softing released new versions to address these vulnerabilities and notified known users of the releases. Users are advised to update to the new versions:\nSofting Secure Integration Server V1.30 \n\nThe latest software packages can be downloaded from the Softing website. \n\nSofting recommends the following mitigations and workarounds: \nChange the admin password or create a new user with administrative rights and delete the default admin user. \nConfigure the Windows firewall to block network requests to IP port 9000. \nDisable the HTTP Server in NGINX configuration of the Softing Secure Integration Server, only using the HTTPS server. \nFor more details on these vulnerabilities and mitigations, users should see SYT-2022-6 on the Softing security website."
}
],
"source": {
"discovery": "EXTERNAL"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:softing:edgeaggregator:3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:softing:secure_integration_server:1.22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:softing:edgeconnector:3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:softing:opc:5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:softing:opc_ua_c\\+\\+_software_development_kit:6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:softing:uagates:1.74:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2022-2336"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with the default administrator credentials as `admin` and password as `admin`. This allows Softing to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the `admin` password. There is no warning or prompt to ask the user to change the default password, and to change the password, many steps are required."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
},
{
"name": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-6.html",
"refsource": "CONFIRM",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-6.html"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2022-08-22T13:32Z",
"publishedDate": "2022-08-17T21:15Z"
}
}
}
ICSA-22-228-04
Vulnerability from csaf_cisa - Published: 2022-08-16 00:00 - Updated: 2022-08-16 00:00Summary
Softing Secure Integration Server
Notes
CISA Disclaimer: This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation: Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition.
Critical infrastructure sectors: Multiple sectors
Countries/areas deployed: Worldwide
Company headquarters location: Germany
Recommended Practices: CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability these vulnerabilities. Specifically, users should:
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Exploitability: No known public exploits specifically target these vulnerabilities. These vulnerabilities are exploitable remotely. These vulnerabilities have a low attack complexity.
7.5 (High)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
edgeAggregator: Version 3.1
Softing / edgeAggregator
|
3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
edgeConnector: Version 3.1
Softing / edgeConnector
|
3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
OPC Suite: Version 5.2
Softing / OPC Suite
|
5.2 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
OPC UA C++ Server SDK: Version 6
Softing / OPC UA C++ Server SDK
|
6 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Secure Integration Server: Version 1.22
Softing / Secure Integration Server
|
<= 1.22 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
uaGate: Version 1.74
Softing / uaGate
|
1.74 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
7.2 (High)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
edgeAggregator: Version 3.1
Softing / edgeAggregator
|
3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
edgeConnector: Version 3.1
Softing / edgeConnector
|
3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
OPC Suite: Version 5.2
Softing / OPC Suite
|
5.2 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
OPC UA C++ Server SDK: Version 6
Softing / OPC UA C++ Server SDK
|
6 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Secure Integration Server: Version 1.22
Softing / Secure Integration Server
|
<= 1.22 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
uaGate: Version 1.74
Softing / uaGate
|
1.74 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
9.8 (Critical)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
edgeAggregator: Version 3.1
Softing / edgeAggregator
|
3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
edgeConnector: Version 3.1
Softing / edgeConnector
|
3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
OPC Suite: Version 5.2
Softing / OPC Suite
|
5.2 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
OPC UA C++ Server SDK: Version 6
Softing / OPC UA C++ Server SDK
|
6 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Secure Integration Server: Version 1.22
Softing / Secure Integration Server
|
<= 1.22 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
uaGate: Version 1.74
Softing / uaGate
|
1.74 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
7.2 (High)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
edgeAggregator: Version 3.1
Softing / edgeAggregator
|
3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
edgeConnector: Version 3.1
Softing / edgeConnector
|
3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
OPC Suite: Version 5.2
Softing / OPC Suite
|
5.2 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
OPC UA C++ Server SDK: Version 6
Softing / OPC UA C++ Server SDK
|
6 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Secure Integration Server: Version 1.22
Softing / Secure Integration Server
|
<= 1.22 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
uaGate: Version 1.74
Softing / uaGate
|
1.74 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
5.7 (Medium)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
edgeAggregator: Version 3.1
Softing / edgeAggregator
|
3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
edgeConnector: Version 3.1
Softing / edgeConnector
|
3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
OPC Suite: Version 5.2
Softing / OPC Suite
|
5.2 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
OPC UA C++ Server SDK: Version 6
Softing / OPC UA C++ Server SDK
|
6 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Secure Integration Server: Version 1.22
Softing / Secure Integration Server
|
<= 1.22 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
uaGate: Version 1.74
Softing / uaGate
|
1.74 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
7.5 (High)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
edgeAggregator: Version 3.1
Softing / edgeAggregator
|
3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
edgeConnector: Version 3.1
Softing / edgeConnector
|
3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
OPC Suite: Version 5.2
Softing / OPC Suite
|
5.2 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
OPC UA C++ Server SDK: Version 6
Softing / OPC UA C++ Server SDK
|
6 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Secure Integration Server: Version 1.22
Softing / Secure Integration Server
|
<= 1.22 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
uaGate: Version 1.74
Softing / uaGate
|
1.74 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
7.5 (High)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
edgeAggregator: Version 3.1
Softing / edgeAggregator
|
3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
edgeConnector: Version 3.1
Softing / edgeConnector
|
3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
OPC Suite: Version 5.2
Softing / OPC Suite
|
5.2 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
OPC UA C++ Server SDK: Version 6
Softing / OPC UA C++ Server SDK
|
6 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Secure Integration Server: Version 1.22
Softing / Secure Integration Server
|
<= 1.22 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
uaGate: Version 1.74
Softing / uaGate
|
1.74 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
7.5 (High)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
edgeAggregator: Version 3.1
Softing / edgeAggregator
|
3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
edgeConnector: Version 3.1
Softing / edgeConnector
|
3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
OPC Suite: Version 5.2
Softing / OPC Suite
|
5.2 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
OPC UA C++ Server SDK: Version 6
Softing / OPC UA C++ Server SDK
|
6 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Secure Integration Server: Version 1.22
Softing / Secure Integration Server
|
<= 1.22 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
uaGate: Version 1.74
Softing / uaGate
|
1.74 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
7.5 (High)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
edgeAggregator: Version 3.1
Softing / edgeAggregator
|
3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
edgeConnector: Version 3.1
Softing / edgeConnector
|
3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
OPC Suite: Version 5.2
Softing / OPC Suite
|
5.2 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
OPC UA C++ Server SDK: Version 6
Softing / OPC UA C++ Server SDK
|
6 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Secure Integration Server: Version 1.22
Softing / Secure Integration Server
|
<= 1.22 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
uaGate: Version 1.74
Softing / uaGate
|
1.74 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
References
17 references
Acknowledgments
Trend Micro Zero Day Initiative
Pedro Ribeiro
Radek Domanski
{
"document": {
"acknowledgments": [
{
"names": [
"Pedro Ribeiro",
"Radek Domanski"
],
"organization": "Trend Micro Zero Day Initiative",
"summary": "reporting these vulnerabilities to Softing and CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Multiple sectors",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability these vulnerabilities. Specifically, users should:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target these vulnerabilities. These vulnerabilities are exploitable remotely. These vulnerabilities have a low attack complexity.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-22-228-04 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-228-04.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-22-228-04 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-228-04"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-228-04"
}
],
"title": "Softing Secure Integration Server",
"tracking": {
"current_release_date": "2022-08-16T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-22-228-04",
"initial_release_date": "2022-08-16T00:00:00.000000Z",
"revision_history": [
{
"date": "2022-08-16T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "Publication Date"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.1",
"product": {
"name": "edgeAggregator: Version 3.1",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "edgeAggregator"
},
{
"branches": [
{
"category": "product_version",
"name": "3.1",
"product": {
"name": "edgeConnector: Version 3.1",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "edgeConnector"
},
{
"branches": [
{
"category": "product_version",
"name": "5.2",
"product": {
"name": "OPC Suite: Version 5.2",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "OPC Suite"
},
{
"branches": [
{
"category": "product_version",
"name": "6",
"product": {
"name": "OPC UA C++ Server SDK: Version 6",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "OPC UA C++ Server SDK"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 1.22",
"product": {
"name": "Secure Integration Server: Version 1.22",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "Secure Integration Server"
},
{
"branches": [
{
"category": "product_version",
"name": "1.74",
"product": {
"name": "uaGate: Version 1.74",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "uaGate"
}
],
"category": "vendor",
"name": "Softing"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1069",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "A crafted HTTP packet with a large content-length header can create a denial-of-service condition in Softing Secure Integration Server.CVE-2022-1069 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1069"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Softing Secure Integration Server: V1.30",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "The latest software packages can be downloaded from the Softing website.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
],
"url": "https://industrial.softing.com/products/opc-ua-sdks.html"
},
{
"category": "mitigation",
"details": "Change the admin password or create a new user with administrative rights and delete the default admin user.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "Configure the Windows firewall to block network requests to IP port 9000.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "Disable the HTTP Server in NGINX configuration of the Softing Secure Integration Server, only using the HTTPS server.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "For more details on these vulnerabilities and mitigations, users should see SYT-2022-7, SYT-2022-6, SYT-2022-5, and SYT-2022-4 on the Softing security website.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-7.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
}
]
},
{
"cve": "CVE-2022-2334",
"cwe": {
"id": "CWE-427",
"name": "Uncontrolled Search Path Element"
},
"notes": [
{
"category": "summary",
"text": "The application searches for a library dll that is not found. If an attacker can place a dll with this name, then the attacker can leverage it to execute arbitrary code on the targeted Softing Secure Integration Server.CVE-2022-2334 has been assigned to this vulnerability. A CVSS v3 base score of 7.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2334"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Softing Secure Integration Server: V1.30",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "The latest software packages can be downloaded from the Softing website.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
],
"url": "https://industrial.softing.com/products/opc-ua-sdks.html"
},
{
"category": "mitigation",
"details": "Change the admin password or create a new user with administrative rights and delete the default admin user.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "Configure the Windows firewall to block network requests to IP port 9000.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "Disable the HTTP Server in NGINX configuration of the Softing Secure Integration Server, only using the HTTPS server.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "For more details on these vulnerabilities and mitigations, users should see SYT-2022-7, SYT-2022-6, SYT-2022-5, and SYT-2022-4 on the Softing security website.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-7.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
}
]
},
{
"cve": "CVE-2022-2336",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "summary",
"text": "Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with the default administrator credentials as `admin` and password as `admin`. This allows Softing to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the `admin` password. There is no warning or prompt to ask the user to change the default password, and to change the password, many steps are required.CVE-2022-2336 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2336"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Softing Secure Integration Server: V1.30",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "The latest software packages can be downloaded from the Softing website.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
],
"url": "https://industrial.softing.com/products/opc-ua-sdks.html"
},
{
"category": "mitigation",
"details": "Change the admin password or create a new user with administrative rights and delete the default admin user.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "Configure the Windows firewall to block network requests to IP port 9000.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "Disable the HTTP Server in NGINX configuration of the Softing Secure Integration Server, only using the HTTPS server.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "For more details on these vulnerabilities and mitigations, users should see SYT-2022-7, SYT-2022-6, SYT-2022-5, and SYT-2022-4 on the Softing security website.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-7.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
}
]
},
{
"cve": "CVE-2022-1373",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"notes": [
{
"category": "summary",
"text": "The restore configuration feature of Softing Secure Integration Server is vulnerable to a directory traversal vulnerability when processing zip files. An attacker can craft a zip file to load an arbitrary dll and execute code. Using the \"restore configuration\" feature to upload a zip file containing a path traversal file may cause a file to be created and executed upon touching the disk.CVE-2022-1373 has been assigned to this vulnerability. A CVSS v3 base score of 7.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1373"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Softing Secure Integration Server: V1.30",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "The latest software packages can be downloaded from the Softing website.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
],
"url": "https://industrial.softing.com/products/opc-ua-sdks.html"
},
{
"category": "mitigation",
"details": "Change the admin password or create a new user with administrative rights and delete the default admin user.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "Configure the Windows firewall to block network requests to IP port 9000.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "Disable the HTTP Server in NGINX configuration of the Softing Secure Integration Server, only using the HTTPS server.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "For more details on these vulnerabilities and mitigations, users should see SYT-2022-7, SYT-2022-6, SYT-2022-5, and SYT-2022-4 on the Softing security website.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-7.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
}
]
},
{
"cve": "CVE-2022-2338",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"notes": [
{
"category": "summary",
"text": "Softing Secure Integration Server is vulnerable to authentication bypass via a machine-in-the-middle attack. The default the administration interface is accessible via plaintext HTTP protocol, facilitating the attack. The HTTP request may contain the session cookie in the request, which may be captured for use in authenticating to the server.CVE-2022-2338 has been assigned to this vulnerability. A CVSS v3 base score of 5.7 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2338"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Softing Secure Integration Server: V1.30",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "The latest software packages can be downloaded from the Softing website.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
],
"url": "https://industrial.softing.com/products/opc-ua-sdks.html"
},
{
"category": "mitigation",
"details": "Change the admin password or create a new user with administrative rights and delete the default admin user.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "Configure the Windows firewall to block network requests to IP port 9000.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "Disable the HTTP Server in NGINX configuration of the Softing Secure Integration Server, only using the HTTPS server.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "For more details on these vulnerabilities and mitigations, users should see SYT-2022-7, SYT-2022-6, SYT-2022-5, and SYT-2022-4 on the Softing security website.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-7.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
}
]
},
{
"cve": "CVE-2022-1748",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "Softing OPC UA C++ Server SDK, Secure Integration Server, edgeConnector, edgeAggregator, OPC Suite, and uaGate are affected by a NULL pointer dereference vulnerability.CVE-2022-1748 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1748"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Softing Secure Integration Server: V1.30",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "The latest software packages can be downloaded from the Softing website.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
],
"url": "https://industrial.softing.com/products/opc-ua-sdks.html"
},
{
"category": "mitigation",
"details": "Change the admin password or create a new user with administrative rights and delete the default admin user.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "Configure the Windows firewall to block network requests to IP port 9000.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "Disable the HTTP Server in NGINX configuration of the Softing Secure Integration Server, only using the HTTPS server.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "For more details on these vulnerabilities and mitigations, users should see SYT-2022-7, SYT-2022-6, SYT-2022-5, and SYT-2022-4 on the Softing security website.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-7.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
}
]
},
{
"cve": "CVE-2022-2337",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "A crafted HTTP packet with a missing HTTP URI can create a denial-of-service condition in Softing Secure Integration Server.CVE-2022-2337 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2337"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Softing Secure Integration Server: V1.30",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "The latest software packages can be downloaded from the Softing website.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
],
"url": "https://industrial.softing.com/products/opc-ua-sdks.html"
},
{
"category": "mitigation",
"details": "Change the admin password or create a new user with administrative rights and delete the default admin user.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "Configure the Windows firewall to block network requests to IP port 9000.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "Disable the HTTP Server in NGINX configuration of the Softing Secure Integration Server, only using the HTTPS server.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "For more details on these vulnerabilities and mitigations, users should see SYT-2022-7, SYT-2022-6, SYT-2022-5, and SYT-2022-4 on the Softing security website.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-7.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
}
]
},
{
"cve": "CVE-2022-2547",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "A crafted HTTP packet without a content-type header can create a denial-of-service condition in Softing Secure Integration Server.CVE-2022-2547 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2547"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Softing Secure Integration Server: V1.30",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "The latest software packages can be downloaded from the Softing website.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
],
"url": "https://industrial.softing.com/products/opc-ua-sdks.html"
},
{
"category": "mitigation",
"details": "Change the admin password or create a new user with administrative rights and delete the default admin user.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "Configure the Windows firewall to block network requests to IP port 9000.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "Disable the HTTP Server in NGINX configuration of the Softing Secure Integration Server, only using the HTTPS server.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "For more details on these vulnerabilities and mitigations, users should see SYT-2022-7, SYT-2022-6, SYT-2022-5, and SYT-2022-4 on the Softing security website.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-7.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
}
]
},
{
"cve": "CVE-2022-2335",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"notes": [
{
"category": "summary",
"text": "A crafted HTTP packet with a -1 content-length header can create a denial-of-service condition in Softing Secure Integration Server.CVE-2022-2335 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2335"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Softing Secure Integration Server: V1.30",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "The latest software packages can be downloaded from the Softing website.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
],
"url": "https://industrial.softing.com/products/opc-ua-sdks.html"
},
{
"category": "mitigation",
"details": "Change the admin password or create a new user with administrative rights and delete the default admin user.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "Configure the Windows firewall to block network requests to IP port 9000.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "Disable the HTTP Server in NGINX configuration of the Softing Secure Integration Server, only using the HTTPS server.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "For more details on these vulnerabilities and mitigations, users should see SYT-2022-7, SYT-2022-6, SYT-2022-5, and SYT-2022-4 on the Softing security website.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-7.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
}
]
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…