Vulnerability Description
The “restore configuration” feature of Softing Secure Integration Server V1.22 is vulnerable to a directory traversal vulnerability when processing zip files. An attacker can craft a zip file to load an arbitrary dll and execute code. Using the "restore configuration" feature to upload a zip file containing a path traversal file may cause a file to be created and executed upon touching the disk.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Softing | Edgeaggregator | 3.1 |
| Softing | Edgeconnector | 3.1 |
| Softing | Opc | 5.2 |
| Softing | Opc Ua C\+\+ Software Development Kit | 6 |
| Softing | Secure Integration Server | 1.22 |
| Softing | Uagates | 1.74 |
Related Weaknesses (CWE)
References
- https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.htmlMitigationVendor Advisory
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04MitigationThird Party AdvisoryUS Government Resource
- https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.htmlMitigationVendor Advisory
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04MitigationThird Party AdvisoryUS Government Resource
FAQ
What is CVE-2022-1373?
CVE-2022-1373 is a vulnerability with a CVSS score of 7.2 (HIGH). The “restore configuration” feature of Softing Secure Integration Server V1.22 is vulnerable to a directory traversal vulnerability when processing zip files. An attacker can craft a zip file to load ...
How severe is CVE-2022-1373?
CVE-2022-1373 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-1373?
Check the references section above for vendor advisories and patch information. Affected products include: Softing Edgeaggregator, Softing Edgeconnector, Softing Opc, Softing Opc Ua C\+\+ Software Development Kit, Softing Secure Integration Server.