CVE-2022-2335

Published: Aug 17, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A crafted HTTP packet with a -1 content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22.

Affected (6)

Products: Softing: Edgeaggregator, Edgeconnector, Opc, Opc Ua C++ Software Development Kit, Secure Integration Server, Uagates

6 products

Opc Ua C++ Software Development Kit

Secure Integration Server

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Softing Edgeaggregator	Version 3.1
Softing Edgeconnector	Version 3.1
Softing Opc	Version 5.2
Softing Opc Ua C++ Software Development Kit	Version 6
Softing Secure Integration Server	Version 1.22
Softing Uagates	Version 1.74

Related CWEs

Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

References (4)

https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-4.html

Source: ics-cert@hq.dhs.gov

MitigationVendor Advisory

https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04

Source: ics-cert@hq.dhs.gov

MitigationThird Party AdvisoryUS Government Resource

https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-4.html

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationThird Party AdvisoryUS Government Resource

Timeline

No history available yet.