Vulnerabilities > CVE-2022-2338 - Unspecified vulnerability in Softing products

CVSS 5.3 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

high complexity

softing

NVD

Published: 2022-08-17

Updated: 2024-11-21

Summary

Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in-the-middle attack. The default the administration interface is accessible via plaintext HTTP protocol, facilitating the attack. The HTTP request may contain the session cookie in the request, which may be captured for use in authenticating to the server.

Vulnerable Configurations

Part	Description	Count
Application	Softing Softing Edgeaggregator 3.1 Softing Secure Integration Server 1.22 Softing Edgeconnector 3.1 Softing OPC 5.2 Softing OPC UA C++ Software Development KIT 6 Softing Uagates 1.74	6

References

https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html
https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html
https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04
https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04