Vulnerability Description
Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in-the-middle attack. By default, the administration interface is accessible via the plaintext HTTP protocol, facilitating the attack. The HTTP request may contain the session cookie, which may be captured and used to authenticate to the server.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Softing | Edgeaggregator | 3.1 |
| Softing | Edgeconnector | 3.1 |
| Softing | Opc | 5.2 |
| Softing | Opc Ua C++ Software Development Kit | 6 |
| Softing | Secure Integration Server | 1.22 |
| Softing | Uagates | 1.74 |
Related Weaknesses (CWE)
References
- https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html (Mitigation, Vendor Advisory)
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04 (Mitigation, Third Party Advisory, US Government Resource)
FAQ
What is CVE-2022-2338?
CVE-2022-2338 is a vulnerability with a CVSS score of 5.7 (MEDIUM). Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in-the-middle attack. By default, the administration interface is accessible via the plaintext HTTP protocol, f...
How severe is CVE-2022-2338?
CVE-2022-2338 has been rated MEDIUM with a CVSS base score of 5.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-2338?
Check the references section above for vendor advisories and patch information. Affected products include: Softing Edgeaggregator, Softing Edgeconnector, Softing Opc, Softing Opc Ua C++ Software Development Kit, Softing Secure Integration Server.