Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in-the-middle attack. The default the administration interface is accessible via plaintext HTTP protocol, facilitating the attack. The HTTP request may contain the session cookie in the request, which may be captured for use in authenticating to the server.
References
Link | Resource |
---|---|
https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html | Mitigation Vendor Advisory |
https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04 | Mitigation Third Party Advisory US Government Resource |
https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html | Mitigation Vendor Advisory |
https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04 | Mitigation Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:00
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.7 |
References | () https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html - Mitigation, Vendor Advisory | |
References | () https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04 - Mitigation, Third Party Advisory, US Government Resource |
19 Aug 2022, 12:36
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
References | (CONFIRM) https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04 - Mitigation, Third Party Advisory, US Government Resource | |
References | (CONFIRM) https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html - Mitigation, Vendor Advisory | |
CPE | cpe:2.3:a:softing:edgeconnector:3.1:*:*:*:*:*:*:* cpe:2.3:a:softing:secure_integration_server:1.22:*:*:*:*:*:*:* cpe:2.3:a:softing:edgeaggregator:3.1:*:*:*:*:*:*:* cpe:2.3:a:softing:opc:5.2:*:*:*:*:*:*:* cpe:2.3:a:softing:opc_ua_c\+\+_software_development_kit:6:*:*:*:*:*:*:* cpe:2.3:a:softing:uagates:1.74:*:*:*:*:*:*:* |
17 Aug 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-08-17 21:15
Updated : 2024-11-21 07:00
NVD link : CVE-2022-2338
Mitre link : CVE-2022-2338
CVE.ORG link : CVE-2022-2338
JSON object : View
Products Affected
softing
- opc_ua_c\+\+_software_development_kit
- edgeaggregator
- uagates
- edgeconnector
- opc
- secure_integration_server
CWE
CWE-319
Cleartext Transmission of Sensitive Information