← Back

CVE-2022-2338

nvd nist
Published: Aug 17, 2022Modified: Nov 21, 2024

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.6 / Impact: 3.6
Source: NVD

Description

Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in-the-middle attack. The default the administration interface is accessible via plaintext HTTP protocol, facilitating the attack. The HTTP request may contain the session cookie in the request, which may be captured for use in authenticating to the server.

Affected (6)

Softing
6 products
Edgeaggregator
Edgeconnector
Opc
Opc Ua C++ Software Development Kit
Secure Integration Server
Uagates
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Edgeaggregator
Version 3.1
Edgeconnector
Version 3.1
Opc
Version 5.2
Opc Ua C++ Software Development Kit
Version 6
Secure Integration Server
Version 1.22
Uagates
Version 1.74

Related CWEs

CWE-319
Cleartext Transmission of Sensitive Information
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (4)

Source: ics-cert@hq.dhs.gov
MitigationVendor Advisory
Source: ics-cert@hq.dhs.gov
MitigationThird Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationThird Party AdvisoryUS Government Resource

Timeline

No history available yet.