CVE-2022-2336

{"id": "CVE-2022-2336", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-08-17T21:15:09.137", "references": [{"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-6.html", "tags": ["Mitigation", "Vendor Advisory"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with the default administrator credentials as `admin` and password as `admin`. This allows Softing to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the `admin` password. There is no warning or prompt to ask the user to change the default password, and to change the password, many steps are required."}, {"lang": "es", "value": "Softing Secure Integration Server, edgeConnector y edgeAggregator son enviados con las credenciales de administrador por defecto como \"admin\" y la contrase\u00f1a como \"admin\". Esto permite a Softing iniciar sesi\u00f3n en el servidor directamente para llevar a cabo funciones administrativas. Tras la instalaci\u00f3n o el primer inicio de sesi\u00f3n, la aplicaci\u00f3n no pide al usuario que cambie la contrase\u00f1a \"admin\". No se presenta ninguna advertencia o aviso para pedir al usuario que cambie la contrase\u00f1a por defecto, y para cambiar la contrase\u00f1a, son requeridos muchos pasos."}], "lastModified": "2022-08-22T13:32:26.900", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:softing:edgeaggregator:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0E07A55-5FA0-402D-BB22-FA8D3D8C484D"}, {"criteria": "cpe:2.3:a:softing:edgeconnector:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62FE322E-A720-4E08-9058-3BAC295E720B"}, {"criteria": "cpe:2.3:a:softing:opc:5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9916828-8213-47D4-B294-8112B241F32C"}, {"criteria": "cpe:2.3:a:softing:opc_ua_c\\+\\+_software_development_kit:6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA185EBD-8048-4B1C-A476-4AE61831ACF7"}, {"criteria": "cpe:2.3:a:softing:secure_integration_server:1.22:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0BF8EC24-9C94-4C55-A496-5DD524B981C4"}, {"criteria": "cpe:2.3:a:softing:uagates:1.74:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2DD68DEC-1E1C-456F-8FC2-F3EF9A72B012"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}