5.7

CVE-2022-2338

EPSS 0.03%
Veröffentlicht 17.08.2022 21:15:09
Zuletzt bearbeitet 21.11.2024 07:00:47
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in-the-middle attack. The default the administration interface is accessible via plaintext HTTP protocol, facilitating the attack. The HTTP request may contain the session cookie in the request, which may be captured for use in authenticating to the server.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Softing ≫ Edgeaggregator Version3.1

Softing ≫ Edgeconnector Version3.1

Softing ≫ Opc Version5.2

Softing ≫ Opc Ua C++ Software Development Kit Version6

Softing ≫ Secure Integration Server Version1.22

Softing ≫ Uagates Version1.74

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.092

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	1.6	3.6	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
ics-cert@hq.dhs.gov	5.7	2.1	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04

Third Party Advisory

US Government Resource

Mitigation

https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html

Vendor Advisory

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2022-2338

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-2338

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-2338

EUVD