CVE-2022-1748 (GCVE-0-2022-1748)

Vulnerability from cvelistv5 – Published: 2022-08-17 20:08 – Updated: 2025-04-16 16:13
VLAI?
Title
Softing Secure Integration Server NULL Pointer Dereference
Summary
Softing OPC UA C++ Server SDK, Secure Integration Server, edgeConnector, edgeAggregator, OPC Suite, and uaGate are affected by a NULL pointer dereference vulnerability.
Severity ?
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE
  • CWE-476 - NULL Pointer Dereference
Assigner
References
Impacted products
Vendor Product Version
Softing Secure Integration Server Affected: V1.22
Create a notification for this product.
Credits
Pedro Ribeiro and Radek Domanski, working with Trend Micro Zero Day Initiative, reported these vulnerabilities to Softing and CISA.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:16:59.941Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-7.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-1748",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T15:54:53.897049Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T16:13:15.237Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Secure Integration Server",
          "vendor": "Softing",
          "versions": [
            {
              "status": "affected",
              "version": "V1.22"
            }
          ]
        },
        {
          "product": "OPC UA C++ SDK",
          "vendor": "Softing",
          "versions": [
            {
              "status": "affected",
              "version": "V6.00"
            }
          ]
        },
        {
          "product": "edgeConnector Siemens",
          "vendor": "Softing",
          "versions": [
            {
              "status": "affected",
              "version": "V3.10"
            }
          ]
        },
        {
          "product": "edgeConnector 840D",
          "vendor": "Softing",
          "versions": [
            {
              "status": "affected",
              "version": "V3.10"
            }
          ]
        },
        {
          "product": "edgeConnector Modbus",
          "vendor": "Softing",
          "versions": [
            {
              "status": "affected",
              "version": "V3.10"
            }
          ]
        },
        {
          "product": "edgeAggregator",
          "vendor": "Softing",
          "versions": [
            {
              "status": "affected",
              "version": "V3.10"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Pedro Ribeiro and Radek Domanski, working with Trend Micro Zero Day Initiative, reported these vulnerabilities to Softing and CISA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Softing OPC UA C++ Server SDK, Secure Integration Server, edgeConnector, edgeAggregator, OPC Suite, and uaGate are affected by a NULL pointer dereference vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476: NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-17T20:08:38.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-7.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Softing released new versions to address these vulnerabilities and notified known users of the releases. Users are advised to update to the new versions:\nSofting Secure Integration Server V1.30 \n\nThe latest software packages can be downloaded from the Softing website. \n\nSofting recommends the following mitigations and workarounds: \nChange the admin password or create a new user with administrative rights and delete the default admin user. \nConfigure the Windows firewall to block network requests to IP port 9000. \nDisable the HTTP Server in NGINX configuration of the Softing Secure Integration Server, only using the HTTPS server. \nFor more details on these vulnerabilities and mitigations, users should see SYT-2022-7 on the Softing security website."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Softing Secure Integration Server NULL Pointer Dereference",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2022-1748",
          "STATE": "PUBLIC",
          "TITLE": "Softing Secure Integration Server NULL Pointer Dereference"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Secure Integration Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "V1.22"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "OPC UA C++ SDK",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "V6.00"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "edgeConnector Siemens",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "V3.10"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "edgeConnector 840D",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "V3.10"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "edgeConnector Modbus",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "V3.10"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "edgeAggregator",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "V3.10"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Softing"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Pedro Ribeiro and Radek Domanski, working with Trend Micro Zero Day Initiative, reported these vulnerabilities to Softing and CISA."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Softing OPC UA C++ Server SDK, Secure Integration Server, edgeConnector, edgeAggregator, OPC Suite, and uaGate are affected by a NULL pointer dereference vulnerability."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-476: NULL Pointer Dereference"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04",
              "refsource": "CONFIRM",
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
            },
            {
              "name": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-7.html",
              "refsource": "CONFIRM",
              "url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-7.html"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Softing released new versions to address these vulnerabilities and notified known users of the releases. Users are advised to update to the new versions:\nSofting Secure Integration Server V1.30 \n\nThe latest software packages can be downloaded from the Softing website. \n\nSofting recommends the following mitigations and workarounds: \nChange the admin password or create a new user with administrative rights and delete the default admin user. \nConfigure the Windows firewall to block network requests to IP port 9000. \nDisable the HTTP Server in NGINX configuration of the Softing Secure Integration Server, only using the HTTPS server. \nFor more details on these vulnerabilities and mitigations, users should see SYT-2022-7 on the Softing security website."
          }
        ],
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2022-1748",
    "datePublished": "2022-08-17T20:08:38.000Z",
    "dateReserved": "2022-05-16T00:00:00.000Z",
    "dateUpdated": "2025-04-16T16:13:15.237Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:softing:edgeaggregator:3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C0E07A55-5FA0-402D-BB22-FA8D3D8C484D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:softing:edgeconnector:3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"62FE322E-A720-4E08-9058-3BAC295E720B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:softing:opc:5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A9916828-8213-47D4-B294-8112B241F32C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:softing:opc_ua_c\\\\+\\\\+_software_development_kit:6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BA185EBD-8048-4B1C-A476-4AE61831ACF7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:softing:secure_integration_server:1.22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0BF8EC24-9C94-4C55-A496-5DD524B981C4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:softing:uagates:1.74:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2DD68DEC-1E1C-456F-8FC2-F3EF9A72B012\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Softing OPC UA C++ Server SDK, Secure Integration Server, edgeConnector, edgeAggregator, OPC Suite, and uaGate are affected by a NULL pointer dereference vulnerability.\"}, {\"lang\": \"es\", \"value\": \"Softing OPC UA C++ Server SDK, Secure Integration Server, edgeConnector, edgeAggregator, OPC Suite y uaGate est\\u00e1n afectados por una vulnerabilidad de desreferencia de puntero NULL.\"}]",
      "id": "CVE-2022-1748",
      "lastModified": "2024-11-21T06:41:22.917",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
      "published": "2022-08-17T21:15:08.717",
      "references": "[{\"url\": \"https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-7.html\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Mitigation\", \"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-7.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Third Party Advisory\", \"US Government Resource\"]}]",
      "sourceIdentifier": "ics-cert@hq.dhs.gov",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-476\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-476\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-1748\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2022-08-17T21:15:08.717\",\"lastModified\":\"2024-11-21T06:41:22.917\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Softing OPC UA C++ Server SDK, Secure Integration Server, edgeConnector, edgeAggregator, OPC Suite, and uaGate are affected by a NULL pointer dereference vulnerability.\"},{\"lang\":\"es\",\"value\":\"Softing OPC UA C++ Server SDK, Secure Integration Server, edgeConnector, edgeAggregator, OPC Suite y uaGate est\u00e1n afectados por una vulnerabilidad de desreferencia de puntero NULL.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:softing:edgeaggregator:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0E07A55-5FA0-402D-BB22-FA8D3D8C484D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:softing:edgeconnector:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62FE322E-A720-4E08-9058-3BAC295E720B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:softing:opc:5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9916828-8213-47D4-B294-8112B241F32C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:softing:opc_ua_c\\\\+\\\\+_software_development_kit:6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA185EBD-8048-4B1C-A476-4AE61831ACF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:softing:secure_integration_server:1.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0BF8EC24-9C94-4C55-A496-5DD524B981C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:softing:uagates:1.74:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DD68DEC-1E1C-456F-8FC2-F3EF9A72B012\"}]}]}],\"references\":[{\"url\":\"https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-7.html\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Mitigation\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-7.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Third Party Advisory\",\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-7.html\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T00:16:59.941Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-1748\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-16T15:54:53.897049Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-16T15:54:55.787Z\"}}], \"cna\": {\"title\": \"Softing Secure Integration Server NULL Pointer Dereference\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"value\": \"Pedro Ribeiro and Radek Domanski, working with Trend Micro Zero Day Initiative, reported these vulnerabilities to Softing and CISA.\"}], \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"Softing\", \"product\": \"Secure Integration Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"V1.22\"}]}, {\"vendor\": \"Softing\", \"product\": \"OPC UA C++ SDK\", \"versions\": [{\"status\": \"affected\", \"version\": \"V6.00\"}]}, {\"vendor\": \"Softing\", \"product\": \"edgeConnector Siemens\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.10\"}]}, {\"vendor\": \"Softing\", \"product\": \"edgeConnector 840D\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.10\"}]}, {\"vendor\": \"Softing\", \"product\": \"edgeConnector Modbus\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.10\"}]}, {\"vendor\": \"Softing\", \"product\": \"edgeAggregator\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.10\"}]}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Softing released new versions to address these vulnerabilities and notified known users of the releases. Users are advised to update to the new versions:\\nSofting Secure Integration Server V1.30 \\n\\nThe latest software packages can be downloaded from the Softing website. \\n\\nSofting recommends the following mitigations and workarounds: \\nChange the admin password or create a new user with administrative rights and delete the default admin user. \\nConfigure the Windows firewall to block network requests to IP port 9000. \\nDisable the HTTP Server in NGINX configuration of the Softing Secure Integration Server, only using the HTTPS server. \\nFor more details on these vulnerabilities and mitigations, users should see SYT-2022-7 on the Softing security website.\"}], \"references\": [{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-7.html\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Softing OPC UA C++ Server SDK, Secure Integration Server, edgeConnector, edgeAggregator, OPC Suite, and uaGate are affected by a NULL pointer dereference vulnerability.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-476\", \"description\": \"CWE-476: NULL Pointer Dereference\"}]}], \"providerMetadata\": {\"orgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"shortName\": \"icscert\", \"dateUpdated\": \"2022-08-17T20:08:38.000Z\"}, \"x_legacyV4Record\": {\"credit\": [{\"lang\": \"eng\", \"value\": \"Pedro Ribeiro and Radek Domanski, working with Trend Micro Zero Day Initiative, reported these vulnerabilities to Softing and CISA.\"}], \"impact\": {\"cvss\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, \"source\": {\"discovery\": \"EXTERNAL\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"V1.22\", \"version_affected\": \"=\"}]}, \"product_name\": \"Secure Integration Server\"}, {\"version\": {\"version_data\": [{\"version_value\": \"V6.00\", \"version_affected\": \"=\"}]}, \"product_name\": \"OPC UA C++ SDK\"}, {\"version\": {\"version_data\": [{\"version_value\": \"V3.10\", \"version_affected\": \"=\"}]}, \"product_name\": \"edgeConnector Siemens\"}, {\"version\": {\"version_data\": [{\"version_value\": \"V3.10\", \"version_affected\": \"=\"}]}, \"product_name\": \"edgeConnector 840D\"}, {\"version\": {\"version_data\": [{\"version_value\": \"V3.10\", \"version_affected\": \"=\"}]}, \"product_name\": \"edgeConnector Modbus\"}, {\"version\": {\"version_data\": [{\"version_value\": \"V3.10\", \"version_affected\": \"=\"}]}, \"product_name\": \"edgeAggregator\"}]}, \"vendor_name\": \"Softing\"}]}}, \"solution\": [{\"lang\": \"en\", \"value\": \"Softing released new versions to address these vulnerabilities and notified known users of the releases. Users are advised to update to the new versions:\\nSofting Secure Integration Server V1.30 \\n\\nThe latest software packages can be downloaded from the Softing website. \\n\\nSofting recommends the following mitigations and workarounds: \\nChange the admin password or create a new user with administrative rights and delete the default admin user. \\nConfigure the Windows firewall to block network requests to IP port 9000. \\nDisable the HTTP Server in NGINX configuration of the Softing Secure Integration Server, only using the HTTPS server. \\nFor more details on these vulnerabilities and mitigations, users should see SYT-2022-7 on the Softing security website.\"}], \"data_type\": \"CVE\", \"generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"references\": {\"reference_data\": [{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04\", \"name\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-7.html\", \"name\": \"https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-7.html\", \"refsource\": \"CONFIRM\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Softing OPC UA C++ Server SDK, Secure Integration Server, edgeConnector, edgeAggregator, OPC Suite, and uaGate are affected by a NULL pointer dereference vulnerability.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-476: NULL Pointer Dereference\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2022-1748\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Softing Secure Integration Server NULL Pointer Dereference\", \"ASSIGNER\": \"ics-cert@hq.dhs.gov\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-1748\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-16T16:13:15.237Z\", \"dateReserved\": \"2022-05-16T00:00:00.000Z\", \"assignerOrgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"datePublished\": \"2022-08-17T20:08:38.000Z\", \"assignerShortName\": \"icscert\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.