Vulnerabilites related to softing - opc
CVE-2023-41151 (GCVE-0-2023-41151)
Vulnerability from cvelistv5
Published
2023-12-14 00:00
Modified
2025-05-22 17:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An uncaught exception issue discovered in Softing OPC UA C++ SDK before 6.30 for Windows operating system may cause the application to crash when the server wants to send an error packet, while socket is blocked on writing.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:54:03.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/2023/syt-2023-3.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-41151",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T17:55:45.122620Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T17:56:46.034Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An uncaught exception issue discovered in Softing OPC UA C++ SDK before 6.30 for Windows operating system may cause the application to crash when the server wants to send an error packet, while socket is blocked on writing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-14T18:51:07.048Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/2023/syt-2023-3.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-41151",
"datePublished": "2023-12-14T00:00:00.000Z",
"dateReserved": "2023-08-24T00:00:00.000Z",
"dateUpdated": "2025-05-22T17:56:46.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1373 (GCVE-0-2022-1373)
Vulnerability from cvelistv5
Published
2022-08-17 20:10
Modified
2025-04-16 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-23 - Relative Path Traversal
Summary
The “restore configuration” feature of Softing Secure Integration Server V1.22 is vulnerable to a directory traversal vulnerability when processing zip files. An attacker can craft a zip file to load an arbitrary dll and execute code. Using the "restore configuration" feature to upload a zip file containing a path traversal file may cause a file to be created and executed upon touching the disk.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Softing | Secure Integration Server |
Version: V1.22 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:05.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1373",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:28:04.455540Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T17:50:36.586Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Secure Integration Server",
"vendor": "Softing",
"versions": [
{
"status": "affected",
"version": "V1.22"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Pedro Ribeiro and Radek Domanski, working with Trend Micro Zero Day Initiative, reported these vulnerabilities to Softing and CISA."
}
],
"descriptions": [
{
"lang": "en",
"value": "The \u201crestore configuration\u201d feature of Softing Secure Integration Server V1.22 is vulnerable to a directory traversal vulnerability when processing zip files. An attacker can craft a zip file to load an arbitrary dll and execute code. Using the \"restore configuration\" feature to upload a zip file containing a path traversal file may cause a file to be created and executed upon touching the disk."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T20:10:24.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Softing released new versions to address these vulnerabilities and notified known users of the releases. Users are advised to update to the new versions:\nSofting Secure Integration Server V1.30 \n\nThe latest software packages can be downloaded from the Softing website. \n\nSofting recommends the following mitigations and workarounds: \nChange the admin password or create a new user with administrative rights and delete the default admin user. \nConfigure the Windows firewall to block network requests to IP port 9000. \nDisable the HTTP Server in NGINX configuration of the Softing Secure Integration Server, only using the HTTPS server. \nFor more details on these vulnerabilities and mitigations, users should see SYT-2022-5 on the Softing security website."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Softing Secure Integration Server Relative Path Traversal",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2022-1373",
"STATE": "PUBLIC",
"TITLE": "Softing Secure Integration Server Relative Path Traversal"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Secure Integration Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V1.22"
}
]
}
}
]
},
"vendor_name": "Softing"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Pedro Ribeiro and Radek Domanski, working with Trend Micro Zero Day Initiative, reported these vulnerabilities to Softing and CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \u201crestore configuration\u201d feature of Softing Secure Integration Server V1.22 is vulnerable to a directory traversal vulnerability when processing zip files. An attacker can craft a zip file to load an arbitrary dll and execute code. Using the \"restore configuration\" feature to upload a zip file containing a path traversal file may cause a file to be created and executed upon touching the disk."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23: Relative Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
},
{
"name": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html",
"refsource": "CONFIRM",
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Softing released new versions to address these vulnerabilities and notified known users of the releases. Users are advised to update to the new versions:\nSofting Secure Integration Server V1.30 \n\nThe latest software packages can be downloaded from the Softing website. \n\nSofting recommends the following mitigations and workarounds: \nChange the admin password or create a new user with administrative rights and delete the default admin user. \nConfigure the Windows firewall to block network requests to IP port 9000. \nDisable the HTTP Server in NGINX configuration of the Softing Secure Integration Server, only using the HTTPS server. \nFor more details on these vulnerabilities and mitigations, users should see SYT-2022-5 on the Softing security website."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-1373",
"datePublished": "2022-08-17T20:10:24.000Z",
"dateReserved": "2022-04-14T00:00:00.000Z",
"dateUpdated": "2025-04-16T17:50:36.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40871 (GCVE-0-2021-40871)
Vulnerability from cvelistv5
Published
2021-11-10 22:43
Modified
2024-08-04 02:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66. Remote attackers to cause a denial of service (DoS) by sending crafted messages to a OPC/UA client. The client process may crash unexpectedly because of a wrong type cast, and must be restarted.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:51:07.780Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://industrial.softing.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://industrial.softing.com/fileadmin/sof-files/pdf/ia/support/Security_Bulletin-CVE-2021-40871.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66. Remote attackers to cause a denial of service (DoS) by sending crafted messages to a OPC/UA client. The client process may crash unexpectedly because of a wrong type cast, and must be restarted."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-10T22:43:26",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://industrial.softing.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://industrial.softing.com/fileadmin/sof-files/pdf/ia/support/Security_Bulletin-CVE-2021-40871.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-40871",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66. Remote attackers to cause a denial of service (DoS) by sending crafted messages to a OPC/UA client. The client process may crash unexpectedly because of a wrong type cast, and must be restarted."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://industrial.softing.com/",
"refsource": "MISC",
"url": "https://industrial.softing.com/"
},
{
"name": "https://industrial.softing.com/fileadmin/sof-files/pdf/ia/support/Security_Bulletin-CVE-2021-40871.pdf",
"refsource": "MISC",
"url": "https://industrial.softing.com/fileadmin/sof-files/pdf/ia/support/Security_Bulletin-CVE-2021-40871.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-40871",
"datePublished": "2021-11-10T22:43:26",
"dateReserved": "2021-09-13T00:00:00",
"dateUpdated": "2024-08-04T02:51:07.780Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1748 (GCVE-0-2022-1748)
Vulnerability from cvelistv5
Published
2022-08-17 20:08
Modified
2025-04-16 16:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference
Summary
Softing OPC UA C++ Server SDK, Secure Integration Server, edgeConnector, edgeAggregator, OPC Suite, and uaGate are affected by a NULL pointer dereference vulnerability.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Softing | Secure Integration Server |
Version: V1.22 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:16:59.941Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-7.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1748",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:54:53.897049Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:13:15.237Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Secure Integration Server",
"vendor": "Softing",
"versions": [
{
"status": "affected",
"version": "V1.22"
}
]
},
{
"product": "OPC UA C++ SDK",
"vendor": "Softing",
"versions": [
{
"status": "affected",
"version": "V6.00"
}
]
},
{
"product": "edgeConnector Siemens",
"vendor": "Softing",
"versions": [
{
"status": "affected",
"version": "V3.10"
}
]
},
{
"product": "edgeConnector 840D",
"vendor": "Softing",
"versions": [
{
"status": "affected",
"version": "V3.10"
}
]
},
{
"product": "edgeConnector Modbus",
"vendor": "Softing",
"versions": [
{
"status": "affected",
"version": "V3.10"
}
]
},
{
"product": "edgeAggregator",
"vendor": "Softing",
"versions": [
{
"status": "affected",
"version": "V3.10"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Pedro Ribeiro and Radek Domanski, working with Trend Micro Zero Day Initiative, reported these vulnerabilities to Softing and CISA."
}
],
"descriptions": [
{
"lang": "en",
"value": "Softing OPC UA C++ Server SDK, Secure Integration Server, edgeConnector, edgeAggregator, OPC Suite, and uaGate are affected by a NULL pointer dereference vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T20:08:38.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-7.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Softing released new versions to address these vulnerabilities and notified known users of the releases. Users are advised to update to the new versions:\nSofting Secure Integration Server V1.30 \n\nThe latest software packages can be downloaded from the Softing website. \n\nSofting recommends the following mitigations and workarounds: \nChange the admin password or create a new user with administrative rights and delete the default admin user. \nConfigure the Windows firewall to block network requests to IP port 9000. \nDisable the HTTP Server in NGINX configuration of the Softing Secure Integration Server, only using the HTTPS server. \nFor more details on these vulnerabilities and mitigations, users should see SYT-2022-7 on the Softing security website."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Softing Secure Integration Server NULL Pointer Dereference",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2022-1748",
"STATE": "PUBLIC",
"TITLE": "Softing Secure Integration Server NULL Pointer Dereference"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Secure Integration Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V1.22"
}
]
}
},
{
"product_name": "OPC UA C++ SDK",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V6.00"
}
]
}
},
{
"product_name": "edgeConnector Siemens",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V3.10"
}
]
}
},
{
"product_name": "edgeConnector 840D",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V3.10"
}
]
}
},
{
"product_name": "edgeConnector Modbus",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V3.10"
}
]
}
},
{
"product_name": "edgeAggregator",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V3.10"
}
]
}
}
]
},
"vendor_name": "Softing"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Pedro Ribeiro and Radek Domanski, working with Trend Micro Zero Day Initiative, reported these vulnerabilities to Softing and CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Softing OPC UA C++ Server SDK, Secure Integration Server, edgeConnector, edgeAggregator, OPC Suite, and uaGate are affected by a NULL pointer dereference vulnerability."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476: NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
},
{
"name": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-7.html",
"refsource": "CONFIRM",
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-7.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Softing released new versions to address these vulnerabilities and notified known users of the releases. Users are advised to update to the new versions:\nSofting Secure Integration Server V1.30 \n\nThe latest software packages can be downloaded from the Softing website. \n\nSofting recommends the following mitigations and workarounds: \nChange the admin password or create a new user with administrative rights and delete the default admin user. \nConfigure the Windows firewall to block network requests to IP port 9000. \nDisable the HTTP Server in NGINX configuration of the Softing Secure Integration Server, only using the HTTPS server. \nFor more details on these vulnerabilities and mitigations, users should see SYT-2022-7 on the Softing security website."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-1748",
"datePublished": "2022-08-17T20:08:38.000Z",
"dateReserved": "2022-05-16T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:13:15.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2338 (GCVE-0-2022-2338)
Vulnerability from cvelistv5
Published
2022-08-17 20:15
Modified
2025-04-16 16:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Summary
Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in-the-middle attack. The default the administration interface is accessible via plaintext HTTP protocol, facilitating the attack. The HTTP request may contain the session cookie in the request, which may be captured for use in authenticating to the server.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Softing | Secure Integration Server |
Version: V1.22 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:09.605Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2338",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:50:48.300738Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:12:59.993Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Secure Integration Server",
"vendor": "Softing",
"versions": [
{
"status": "affected",
"version": "V1.22"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Pedro Ribeiro and Radek Domanski, working with Trend Micro Zero Day Initiative, reported these vulnerabilities to Softing and CISA."
}
],
"descriptions": [
{
"lang": "en",
"value": "Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in-the-middle attack. The default the administration interface is accessible via plaintext HTTP protocol, facilitating the attack. The HTTP request may contain the session cookie in the request, which may be captured for use in authenticating to the server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319: Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T20:15:03.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Softing released new versions to address these vulnerabilities and notified known users of the releases. Users are advised to update to the new versions:\nSofting Secure Integration Server V1.30 \n\nThe latest software packages can be downloaded from the Softing website. \n\nSofting recommends the following mitigations and workarounds: \nChange the admin password or create a new user with administrative rights and delete the default admin user. \nConfigure the Windows firewall to block network requests to IP port 9000. \nDisable the HTTP Server in NGINX configuration of the Softing Secure Integration Server, only using the HTTPS server. \nFor more details on these vulnerabilities and mitigations, users should see SYT-2022-5 on the Softing security website."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Softing Secure Integration Server Cleartext Transmission of Sensitive Information",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2022-2338",
"STATE": "PUBLIC",
"TITLE": "Softing Secure Integration Server Cleartext Transmission of Sensitive Information"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Secure Integration Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V1.22"
}
]
}
}
]
},
"vendor_name": "Softing"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Pedro Ribeiro and Radek Domanski, working with Trend Micro Zero Day Initiative, reported these vulnerabilities to Softing and CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in-the-middle attack. The default the administration interface is accessible via plaintext HTTP protocol, facilitating the attack. The HTTP request may contain the session cookie in the request, which may be captured for use in authenticating to the server."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319: Cleartext Transmission of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
},
{
"name": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html",
"refsource": "CONFIRM",
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Softing released new versions to address these vulnerabilities and notified known users of the releases. Users are advised to update to the new versions:\nSofting Secure Integration Server V1.30 \n\nThe latest software packages can be downloaded from the Softing website. \n\nSofting recommends the following mitigations and workarounds: \nChange the admin password or create a new user with administrative rights and delete the default admin user. \nConfigure the Windows firewall to block network requests to IP port 9000. \nDisable the HTTP Server in NGINX configuration of the Softing Secure Integration Server, only using the HTTPS server. \nFor more details on these vulnerabilities and mitigations, users should see SYT-2022-5 on the Softing security website."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-2338",
"datePublished": "2022-08-17T20:15:03.000Z",
"dateReserved": "2022-07-06T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:12:59.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2336 (GCVE-0-2022-2336)
Vulnerability from cvelistv5
Published
2022-08-17 20:07
Modified
2025-04-16 16:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-287 - Improper Authentication
Summary
Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with the default administrator credentials as `admin` and password as `admin`. This allows Softing to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the `admin` password. There is no warning or prompt to ask the user to change the default password, and to change the password, many steps are required.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Softing | Secure Integration Server |
Version: V1.22 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:09.614Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-6.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2336",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:53:43.764724Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:13:22.673Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Secure Integration Server",
"vendor": "Softing",
"versions": [
{
"status": "affected",
"version": "V1.22"
}
]
},
{
"product": "edgeConnector Siemens",
"vendor": "Softing",
"versions": [
{
"status": "affected",
"version": "V3.10"
}
]
},
{
"product": "edgeConnector 840D",
"vendor": "Softing",
"versions": [
{
"status": "affected",
"version": "V3.10"
}
]
},
{
"product": "edgeConnector Modbus",
"vendor": "Softing",
"versions": [
{
"status": "affected",
"version": "V3.10"
}
]
},
{
"product": "edgeAggregator",
"vendor": "Softing",
"versions": [
{
"status": "affected",
"version": "V3.10"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Pedro Ribeiro and Radek Domanski, working with Trend Micro Zero Day Initiative, reported these vulnerabilities to Softing and CISA."
}
],
"descriptions": [
{
"lang": "en",
"value": "Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with the default administrator credentials as `admin` and password as `admin`. This allows Softing to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the `admin` password. There is no warning or prompt to ask the user to change the default password, and to change the password, many steps are required."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T20:07:46.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-6.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Softing released new versions to address these vulnerabilities and notified known users of the releases. Users are advised to update to the new versions:\nSofting Secure Integration Server V1.30 \n\nThe latest software packages can be downloaded from the Softing website. \n\nSofting recommends the following mitigations and workarounds: \nChange the admin password or create a new user with administrative rights and delete the default admin user. \nConfigure the Windows firewall to block network requests to IP port 9000. \nDisable the HTTP Server in NGINX configuration of the Softing Secure Integration Server, only using the HTTPS server. \nFor more details on these vulnerabilities and mitigations, users should see SYT-2022-6 on the Softing security website."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Softing Secure Integration Server Improper Authentication",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2022-2336",
"STATE": "PUBLIC",
"TITLE": "Softing Secure Integration Server Improper Authentication"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Secure Integration Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V1.22"
}
]
}
},
{
"product_name": "edgeConnector Siemens",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V3.10"
}
]
}
},
{
"product_name": "edgeConnector 840D",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V3.10"
}
]
}
},
{
"product_name": "edgeConnector Modbus",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V3.10"
}
]
}
},
{
"product_name": "edgeAggregator",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V3.10"
}
]
}
}
]
},
"vendor_name": "Softing"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Pedro Ribeiro and Radek Domanski, working with Trend Micro Zero Day Initiative, reported these vulnerabilities to Softing and CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with the default administrator credentials as `admin` and password as `admin`. This allows Softing to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the `admin` password. There is no warning or prompt to ask the user to change the default password, and to change the password, many steps are required."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
},
{
"name": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-6.html",
"refsource": "CONFIRM",
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-6.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Softing released new versions to address these vulnerabilities and notified known users of the releases. Users are advised to update to the new versions:\nSofting Secure Integration Server V1.30 \n\nThe latest software packages can be downloaded from the Softing website. \n\nSofting recommends the following mitigations and workarounds: \nChange the admin password or create a new user with administrative rights and delete the default admin user. \nConfigure the Windows firewall to block network requests to IP port 9000. \nDisable the HTTP Server in NGINX configuration of the Softing Secure Integration Server, only using the HTTPS server. \nFor more details on these vulnerabilities and mitigations, users should see SYT-2022-6 on the Softing security website."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-2336",
"datePublished": "2022-08-17T20:07:46.000Z",
"dateReserved": "2022-07-06T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:13:22.673Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14522 (GCVE-0-2020-14522)
Vulnerability from cvelistv5
Published
2020-08-25 13:35
Modified
2024-09-16 19:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-400 - UNCONTROLLED RESOURCE CONSUMPTION
Summary
Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to uncontrolled resource consumption, which may allow an attacker to cause a denial-of-service condition.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Softing Industrial Automation all versions prior to the latest build of version 4.47.0 | OPC |
Version: All versions < 4.47.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:46:34.790Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-210-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OPC",
"vendor": "Softing Industrial Automation all versions prior to the latest build of version 4.47.0",
"versions": [
{
"lessThan": "4.47.0",
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-07-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to uncontrolled resource consumption, which may allow an attacker to cause a denial-of-service condition."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "UNCONTROLLED RESOURCE CONSUMPTION CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-25T13:35:02",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-210-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Softing Industrial Automation OPC",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2020-07-28T00:00:00.000Z",
"ID": "CVE-2020-14522",
"STATE": "PUBLIC",
"TITLE": "Softing Industrial Automation OPC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OPC",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "All versions",
"version_value": "4.47.0"
}
]
}
}
]
},
"vendor_name": "Softing Industrial Automation all versions prior to the latest build of version 4.47.0"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to uncontrolled resource consumption, which may allow an attacker to cause a denial-of-service condition."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNCONTROLLED RESOURCE CONSUMPTION CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-210-02",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-210-02"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-14522",
"datePublished": "2020-08-25T13:35:02.997796Z",
"dateReserved": "2020-06-19T00:00:00",
"dateUpdated": "2024-09-16T19:47:21.325Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37453 (GCVE-0-2022-37453)
Vulnerability from cvelistv5
Published
2022-10-20 00:00
Modified
2025-05-08 18:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Softing OPC UA C++ SDK before 6.10. A buffer overflow or an excess allocation happens due to unchecked array and matrix bounds in structure data types.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:29:21.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://softing.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-9.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-37453",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T18:57:43.699381Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T18:57:46.842Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Softing OPC UA C++ SDK before 6.10. A buffer overflow or an excess allocation happens due to unchecked array and matrix bounds in structure data types."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-20T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://softing.com"
},
{
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-9.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37453",
"datePublished": "2022-10-20T00:00:00.000Z",
"dateReserved": "2022-08-07T00:00:00.000Z",
"dateUpdated": "2025-05-08T18:57:46.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2334 (GCVE-0-2022-2334)
Vulnerability from cvelistv5
Published
2022-08-17 20:11
Modified
2025-04-16 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-427 - Uncontrolled Search Path Element
Summary
The application searches for a library dll that is not found. If an attacker can place a dll with this name, then the attacker can leverage it to execute arbitrary code on the targeted Softing Secure Integration Server V1.22.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Softing | Secure Integration Server |
Version: V1.22 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:09.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2334",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:28:01.786557Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T17:50:24.791Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Secure Integration Server",
"vendor": "Softing",
"versions": [
{
"status": "affected",
"version": "V1.22"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Pedro Ribeiro and Radek Domanski, working with Trend Micro Zero Day Initiative, reported these vulnerabilities to Softing and CISA."
}
],
"descriptions": [
{
"lang": "en",
"value": "The application searches for a library dll that is not found. If an attacker can place a dll with this name, then the attacker can leverage it to execute arbitrary code on the targeted Softing Secure Integration Server V1.22."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T20:11:17.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Softing released new versions to address these vulnerabilities and notified known users of the releases. Users are advised to update to the new versions:\nSofting Secure Integration Server V1.30 \n\nThe latest software packages can be downloaded from the Softing website. \n\nSofting recommends the following mitigations and workarounds: \nChange the admin password or create a new user with administrative rights and delete the default admin user. \nConfigure the Windows firewall to block network requests to IP port 9000. \nDisable the HTTP Server in NGINX configuration of the Softing Secure Integration Server, only using the HTTPS server. \nFor more details on these vulnerabilities and mitigations, users should see SYT-2022-5 on the Softing security website."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Softing Secure Integration Server Uncontrolled Search Path Element",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2022-2334",
"STATE": "PUBLIC",
"TITLE": "Softing Secure Integration Server Uncontrolled Search Path Element"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Secure Integration Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V1.22"
}
]
}
}
]
},
"vendor_name": "Softing"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Pedro Ribeiro and Radek Domanski, working with Trend Micro Zero Day Initiative, reported these vulnerabilities to Softing and CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The application searches for a library dll that is not found. If an attacker can place a dll with this name, then the attacker can leverage it to execute arbitrary code on the targeted Softing Secure Integration Server V1.22."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427: Uncontrolled Search Path Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
},
{
"name": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html",
"refsource": "CONFIRM",
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Softing released new versions to address these vulnerabilities and notified known users of the releases. Users are advised to update to the new versions:\nSofting Secure Integration Server V1.30 \n\nThe latest software packages can be downloaded from the Softing website. \n\nSofting recommends the following mitigations and workarounds: \nChange the admin password or create a new user with administrative rights and delete the default admin user. \nConfigure the Windows firewall to block network requests to IP port 9000. \nDisable the HTTP Server in NGINX configuration of the Softing Secure Integration Server, only using the HTTPS server. \nFor more details on these vulnerabilities and mitigations, users should see SYT-2022-5 on the Softing security website."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-2334",
"datePublished": "2022-08-17T20:11:17.000Z",
"dateReserved": "2022-07-06T00:00:00.000Z",
"dateUpdated": "2025-04-16T17:50:24.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-39823 (GCVE-0-2022-39823)
Vulnerability from cvelistv5
Published
2022-10-20 00:00
Modified
2025-05-08 18:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Softing OPC UA C++ SDK 5.66 through 6.x before 6.10. An OPC/UA browse request exceeding the server limit on continuation points may cause a use-after-free error
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:07:42.862Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.softing.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-8.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-39823",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T18:56:35.492848Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T18:56:58.134Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Softing OPC UA C++ SDK 5.66 through 6.x before 6.10. An OPC/UA browse request exceeding the server limit on continuation points may cause a use-after-free error"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-20T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.softing.com"
},
{
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-8.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-39823",
"datePublished": "2022-10-20T00:00:00.000Z",
"dateReserved": "2022-09-05T00:00:00.000Z",
"dateUpdated": "2025-05-08T18:56:58.134Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14524 (GCVE-0-2020-14524)
Vulnerability from cvelistv5
Published
2020-08-25 13:36
Modified
2024-09-17 01:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - HEAP-BASED BUFFER OVERFLOW
Summary
Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Softing Industrial Automation all versions prior to the latest build of version 4.47.0 | OPC |
Version: All versions < 4.47.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:46:34.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-210-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OPC",
"vendor": "Softing Industrial Automation all versions prior to the latest build of version 4.47.0",
"versions": [
{
"lessThan": "4.47.0",
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-07-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "HEAP-BASED BUFFER OVERFLOW CWE-122",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-25T13:36:17",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-210-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Softing Industrial Automation OPC",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2020-07-28T00:00:00.000Z",
"ID": "CVE-2020-14524",
"STATE": "PUBLIC",
"TITLE": "Softing Industrial Automation OPC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OPC",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "All versions",
"version_value": "4.47.0"
}
]
}
}
]
},
"vendor_name": "Softing Industrial Automation all versions prior to the latest build of version 4.47.0"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HEAP-BASED BUFFER OVERFLOW CWE-122"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-210-02",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-210-02"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-14524",
"datePublished": "2020-08-25T13:36:17.917717Z",
"dateReserved": "2020-06-19T00:00:00",
"dateUpdated": "2024-09-17T01:55:40.883Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2337 (GCVE-0-2022-2337)
Vulnerability from cvelistv5
Published
2022-08-17 20:18
Modified
2025-04-16 16:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference
Summary
A crafted HTTP packet with a missing HTTP URI can create a denial-of-service condition in Softing Secure Integration Server V1.22.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Softing | Secure Integration Server |
Version: V1.22 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:09.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-4.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2337",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:54:42.760334Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:12:45.794Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Secure Integration Server",
"vendor": "Softing",
"versions": [
{
"status": "affected",
"version": "V1.22"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Pedro Ribeiro and Radek Domanski, working with Trend Micro Zero Day Initiative, reported these vulnerabilities to Softing and CISA."
}
],
"descriptions": [
{
"lang": "en",
"value": "A crafted HTTP packet with a missing HTTP URI can create a denial-of-service condition in Softing Secure Integration Server V1.22."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T20:18:49.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-4.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
}
],
"solutions": [
{
"lang": "en",
"value": "Softing released new versions to address these vulnerabilities and notified known users of the releases. Users are advised to update to the new versions:\nSofting Secure Integration Server V1.30 \n\nThe latest software packages can be downloaded from the Softing website. \n\nSofting recommends the following mitigations and workarounds: \nChange the admin password or create a new user with administrative rights and delete the default admin user. \nConfigure the Windows firewall to block network requests to IP port 9000. \nDisable the HTTP Server in NGINX configuration of the Softing Secure Integration Server, only using the HTTPS server. \nFor more details on these vulnerabilities and mitigations, users should see SYT-2022-4 on the Softing security website."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Softing Secure Integration Server NULL Pointer Dereference",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2022-2337",
"STATE": "PUBLIC",
"TITLE": "Softing Secure Integration Server NULL Pointer Dereference"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Secure Integration Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V1.22"
}
]
}
}
]
},
"vendor_name": "Softing"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Pedro Ribeiro and Radek Domanski, working with Trend Micro Zero Day Initiative, reported these vulnerabilities to Softing and CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A crafted HTTP packet with a missing HTTP URI can create a denial-of-service condition in Softing Secure Integration Server V1.22."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476: NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-4.html",
"refsource": "CONFIRM",
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-4.html"
},
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
}
]
},
"solution": [
{
"lang": "en",
"value": "Softing released new versions to address these vulnerabilities and notified known users of the releases. Users are advised to update to the new versions:\nSofting Secure Integration Server V1.30 \n\nThe latest software packages can be downloaded from the Softing website. \n\nSofting recommends the following mitigations and workarounds: \nChange the admin password or create a new user with administrative rights and delete the default admin user. \nConfigure the Windows firewall to block network requests to IP port 9000. \nDisable the HTTP Server in NGINX configuration of the Softing Secure Integration Server, only using the HTTPS server. \nFor more details on these vulnerabilities and mitigations, users should see SYT-2022-4 on the Softing security website."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-2337",
"datePublished": "2022-08-17T20:18:49.000Z",
"dateReserved": "2022-07-06T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:12:45.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37572 (GCVE-0-2023-37572)
Vulnerability from cvelistv5
Published
2023-12-05 00:00
Modified
2024-10-11 18:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Softing OPC Suite version 5.25 and before has Incorrect Access Control, allows attackers to obtain sensitive information via weak permissions in OSF_discovery service. The service executable could be changed or the service could be deleted.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:30.781Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/2023/syt-2023-5.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-37572",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-11T18:03:46.099601Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T18:05:27.694Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Softing OPC Suite version 5.25 and before has Incorrect Access Control, allows attackers to obtain sensitive information via weak permissions in OSF_discovery service. The service executable could be changed or the service could be deleted."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T19:41:07.235042",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/2023/syt-2023-5.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-37572",
"datePublished": "2023-12-05T00:00:00",
"dateReserved": "2023-07-07T00:00:00",
"dateUpdated": "2024-10-11T18:05:27.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40873 (GCVE-0-2021-40873)
Vulnerability from cvelistv5
Published
2021-11-10 22:48
Modified
2024-08-04 02:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66, and uaToolkit Embedded before 1.40. Remote attackers to cause a denial of service (DoS) by sending crafted messages to a client or server. The server process may crash unexpectedly because of a double free, and must be restarted.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:51:07.755Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://industrial.softing.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://industrial.softing.com/fileadmin/sof-files/pdf/ia/support/Security_Bulletin_CVE-2021-40873.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66, and uaToolkit Embedded before 1.40. Remote attackers to cause a denial of service (DoS) by sending crafted messages to a client or server. The server process may crash unexpectedly because of a double free, and must be restarted."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-10T22:48:27",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://industrial.softing.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://industrial.softing.com/fileadmin/sof-files/pdf/ia/support/Security_Bulletin_CVE-2021-40873.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-40873",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66, and uaToolkit Embedded before 1.40. Remote attackers to cause a denial of service (DoS) by sending crafted messages to a client or server. The server process may crash unexpectedly because of a double free, and must be restarted."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://industrial.softing.com/",
"refsource": "MISC",
"url": "https://industrial.softing.com/"
},
{
"name": "https://industrial.softing.com/fileadmin/sof-files/pdf/ia/support/Security_Bulletin_CVE-2021-40873.pdf",
"refsource": "MISC",
"url": "https://industrial.softing.com/fileadmin/sof-files/pdf/ia/support/Security_Bulletin_CVE-2021-40873.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-40873",
"datePublished": "2021-11-10T22:48:27",
"dateReserved": "2021-09-13T00:00:00",
"dateUpdated": "2024-08-04T02:51:07.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2335 (GCVE-0-2022-2335)
Vulnerability from cvelistv5
Published
2022-08-17 20:13
Modified
2025-04-16 16:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-191 - Integer Underflow
Summary
A crafted HTTP packet with a -1 content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Softing | Secure Integration Server |
Version: V1.22 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:09.693Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-4.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2335",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:54:49.307025Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:13:08.268Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Secure Integration Server",
"vendor": "Softing",
"versions": [
{
"status": "affected",
"version": "V1.22"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Pedro Ribeiro and Radek Domanski, working with Trend Micro Zero Day Initiative, reported these vulnerabilities to Softing and CISA."
}
],
"descriptions": [
{
"lang": "en",
"value": "A crafted HTTP packet with a -1 content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191: Integer Underflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T20:13:15.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-4.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
}
],
"solutions": [
{
"lang": "en",
"value": "Softing released new versions to address these vulnerabilities and notified known users of the releases. Users are advised to update to the new versions:\nSofting Secure Integration Server V1.30 \n\nThe latest software packages can be downloaded from the Softing website. \n\nSofting recommends the following mitigations and workarounds: \nChange the admin password or create a new user with administrative rights and delete the default admin user. \nConfigure the Windows firewall to block network requests to IP port 9000. \nDisable the HTTP Server in NGINX configuration of the Softing Secure Integration Server, only using the HTTPS server. \nFor more details on these vulnerabilities and mitigations, users should see SYT-2022-4 on the Softing security website."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Softing Secure Integration Server Integer Underflow",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2022-2335",
"STATE": "PUBLIC",
"TITLE": "Softing Secure Integration Server Integer Underflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Secure Integration Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V1.22"
}
]
}
}
]
},
"vendor_name": "Softing"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Pedro Ribeiro and Radek Domanski, working with Trend Micro Zero Day Initiative, reported these vulnerabilities to Softing and CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A crafted HTTP packet with a -1 content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-191: Integer Underflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-4.html",
"refsource": "CONFIRM",
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-4.html"
},
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
}
]
},
"solution": [
{
"lang": "en",
"value": "Softing released new versions to address these vulnerabilities and notified known users of the releases. Users are advised to update to the new versions:\nSofting Secure Integration Server V1.30 \n\nThe latest software packages can be downloaded from the Softing website. \n\nSofting recommends the following mitigations and workarounds: \nChange the admin password or create a new user with administrative rights and delete the default admin user. \nConfigure the Windows firewall to block network requests to IP port 9000. \nDisable the HTTP Server in NGINX configuration of the Softing Secure Integration Server, only using the HTTPS server. \nFor more details on these vulnerabilities and mitigations, users should see SYT-2022-4 on the Softing security website."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-2335",
"datePublished": "2022-08-17T20:13:15.000Z",
"dateReserved": "2022-07-06T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:13:08.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1069 (GCVE-0-2022-1069)
Vulnerability from cvelistv5
Published
2022-08-17 20:17
Modified
2025-04-16 16:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read
Summary
A crafted HTTP packet with a large content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Softing | Secure Integration Server |
Version: V1.22 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:43.266Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-4.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1069",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:54:45.942698Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:12:52.772Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Secure Integration Server",
"vendor": "Softing",
"versions": [
{
"status": "affected",
"version": "V1.22"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Pedro Ribeiro and Radek Domanski, working with Trend Micro Zero Day Initiative, reported these vulnerabilities to Softing and CISA."
}
],
"descriptions": [
{
"lang": "en",
"value": "A crafted HTTP packet with a large content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T20:17:11.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-4.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
}
],
"solutions": [
{
"lang": "en",
"value": "Softing released new versions to address these vulnerabilities and notified known users of the releases. Users are advised to update to the new versions:\nSofting Secure Integration Server V1.30 \n\nThe latest software packages can be downloaded from the Softing website. \n\nSofting recommends the following mitigations and workarounds: \nChange the admin password or create a new user with administrative rights and delete the default admin user. \nConfigure the Windows firewall to block network requests to IP port 9000. \nDisable the HTTP Server in NGINX configuration of the Softing Secure Integration Server, only using the HTTPS server. \nFor more details on these vulnerabilities and mitigations, users should see SYT-2022-4 on the Softing security website."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Softing Secure Integration Server Out-of-bounds Read",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2022-1069",
"STATE": "PUBLIC",
"TITLE": "Softing Secure Integration Server Out-of-bounds Read"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Secure Integration Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V1.22"
}
]
}
}
]
},
"vendor_name": "Softing"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Pedro Ribeiro and Radek Domanski, working with Trend Micro Zero Day Initiative, reported these vulnerabilities to Softing and CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A crafted HTTP packet with a large content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-4.html",
"refsource": "CONFIRM",
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-4.html"
},
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
}
]
},
"solution": [
{
"lang": "en",
"value": "Softing released new versions to address these vulnerabilities and notified known users of the releases. Users are advised to update to the new versions:\nSofting Secure Integration Server V1.30 \n\nThe latest software packages can be downloaded from the Softing website. \n\nSofting recommends the following mitigations and workarounds: \nChange the admin password or create a new user with administrative rights and delete the default admin user. \nConfigure the Windows firewall to block network requests to IP port 9000. \nDisable the HTTP Server in NGINX configuration of the Softing Secure Integration Server, only using the HTTPS server. \nFor more details on these vulnerabilities and mitigations, users should see SYT-2022-4 on the Softing security website."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-1069",
"datePublished": "2022-08-17T20:17:11.000Z",
"dateReserved": "2022-03-24T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:12:52.772Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2547 (GCVE-0-2022-2547)
Vulnerability from cvelistv5
Published
2022-08-17 20:06
Modified
2025-04-16 16:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference
Summary
A crafted HTTP packet without a content-type header can create a denial-of-service condition in Softing Secure Integration Server V1.22.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Softing | Secure Integration Server |
Version: V1.22 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:08.031Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-4.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2547",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:54:57.861751Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:13:29.833Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Secure Integration Server",
"vendor": "Softing",
"versions": [
{
"status": "affected",
"version": "V1.22"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Pedro Ribeiro and Radek Domanski, working with Trend Micro Zero Day Initiative, reported these vulnerabilities to Softing and CISA."
}
],
"descriptions": [
{
"lang": "en",
"value": "A crafted HTTP packet without a content-type header can create a denial-of-service condition in Softing Secure Integration Server V1.22."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T20:06:38.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-4.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
}
],
"solutions": [
{
"lang": "en",
"value": "Softing released new versions to address these vulnerabilities and notified known users of the releases. Users are advised to update to the new versions:\nSofting Secure Integration Server V1.30 \n\nThe latest software packages can be downloaded from the Softing website. \n\nSofting recommends the following mitigations and workarounds: \nChange the admin password or create a new user with administrative rights and delete the default admin user. \nConfigure the Windows firewall to block network requests to IP port 9000. \nDisable the HTTP Server in NGINX configuration of the Softing Secure Integration Server, only using the HTTPS server. \nFor more details on these vulnerabilities and mitigations, users should see SYT-2022-4 on the Softing security website."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Softing Secure Integration Server NULL Pointer Dereference",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2022-2547",
"STATE": "PUBLIC",
"TITLE": "Softing Secure Integration Server NULL Pointer Dereference"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Secure Integration Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V1.22"
}
]
}
}
]
},
"vendor_name": "Softing"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Pedro Ribeiro and Radek Domanski, working with Trend Micro Zero Day Initiative, reported these vulnerabilities to Softing and CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A crafted HTTP packet without a content-type header can create a denial-of-service condition in Softing Secure Integration Server V1.22."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476: NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-4.html",
"refsource": "CONFIRM",
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-4.html"
},
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
}
]
},
"solution": [
{
"lang": "en",
"value": "Softing released new versions to address these vulnerabilities and notified known users of the releases. Users are advised to update to the new versions:\nSofting Secure Integration Server V1.30 \n\nThe latest software packages can be downloaded from the Softing website. \n\nSofting recommends the following mitigations and workarounds: \nChange the admin password or create a new user with administrative rights and delete the default admin user. \nConfigure the Windows firewall to block network requests to IP port 9000. \nDisable the HTTP Server in NGINX configuration of the Softing Secure Integration Server, only using the HTTPS server. \nFor more details on these vulnerabilities and mitigations, users should see SYT-2022-4 on the Softing security website."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-2547",
"datePublished": "2022-08-17T20:06:38.000Z",
"dateReserved": "2022-07-26T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:13:29.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2022-08-17 21:15
Modified
2024-11-21 06:39
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A crafted HTTP packet with a large content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-4.html | Mitigation, Vendor Advisory | |
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04 | Mitigation, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-4.html | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04 | Mitigation, Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| softing | edgeaggregator | 3.1 | |
| softing | edgeconnector | 3.1 | |
| softing | opc | 5.2 | |
| softing | opc_ua_c\+\+_software_development_kit | 6 | |
| softing | secure_integration_server | 1.22 | |
| softing | uagates | 1.74 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:edgeaggregator:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C0E07A55-5FA0-402D-BB22-FA8D3D8C484D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:edgeconnector:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "62FE322E-A720-4E08-9058-3BAC295E720B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:opc:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9916828-8213-47D4-B294-8112B241F32C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:opc_ua_c\\+\\+_software_development_kit:6:*:*:*:*:*:*:*",
"matchCriteriaId": "BA185EBD-8048-4B1C-A476-4AE61831ACF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:secure_integration_server:1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "0BF8EC24-9C94-4C55-A496-5DD524B981C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:uagates:1.74:*:*:*:*:*:*:*",
"matchCriteriaId": "2DD68DEC-1E1C-456F-8FC2-F3EF9A72B012",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A crafted HTTP packet with a large content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22."
},
{
"lang": "es",
"value": "Un paquete HTTP dise\u00f1ado con un encabezado de gran longitud de contenido puede crear una condici\u00f3n de denegaci\u00f3n de servicio en Softing Secure Integration Server versi\u00f3n V1.22."
}
],
"id": "CVE-2022-1069",
"lastModified": "2024-11-21T06:39:58.277",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-17T21:15:08.577",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-4.html"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-4.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-17 21:15
Modified
2024-11-21 06:40
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
The “restore configuration” feature of Softing Secure Integration Server V1.22 is vulnerable to a directory traversal vulnerability when processing zip files. An attacker can craft a zip file to load an arbitrary dll and execute code. Using the "restore configuration" feature to upload a zip file containing a path traversal file may cause a file to be created and executed upon touching the disk.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html | Mitigation, Vendor Advisory | |
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04 | Mitigation, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04 | Mitigation, Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| softing | edgeaggregator | 3.1 | |
| softing | edgeconnector | 3.1 | |
| softing | opc | 5.2 | |
| softing | opc_ua_c\+\+_software_development_kit | 6 | |
| softing | secure_integration_server | 1.22 | |
| softing | uagates | 1.74 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:edgeaggregator:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C0E07A55-5FA0-402D-BB22-FA8D3D8C484D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:edgeconnector:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "62FE322E-A720-4E08-9058-3BAC295E720B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:opc:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9916828-8213-47D4-B294-8112B241F32C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:opc_ua_c\\+\\+_software_development_kit:6:*:*:*:*:*:*:*",
"matchCriteriaId": "BA185EBD-8048-4B1C-A476-4AE61831ACF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:secure_integration_server:1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "0BF8EC24-9C94-4C55-A496-5DD524B981C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:uagates:1.74:*:*:*:*:*:*:*",
"matchCriteriaId": "2DD68DEC-1E1C-456F-8FC2-F3EF9A72B012",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The \u201crestore configuration\u201d feature of Softing Secure Integration Server V1.22 is vulnerable to a directory traversal vulnerability when processing zip files. An attacker can craft a zip file to load an arbitrary dll and execute code. Using the \"restore configuration\" feature to upload a zip file containing a path traversal file may cause a file to be created and executed upon touching the disk."
},
{
"lang": "es",
"value": "La funcionalidad de \"restore configuration\" de Softing Secure Integration Server versi\u00f3n V1.22 ,es susceptible a una vulnerabilidad de salto de directorio cuando son procesados archivos zip. Un atacante puede dise\u00f1ar un archivo zip para cargar una DLL arbitraria y ejecutar c\u00f3digo. El uso de la funcionalidad \"restore configuration\" para cargar un archivo zip que contenga un archivo de cruce de ruta puede causar la creaci\u00f3n de un archivo y su ejecuci\u00f3n al tocar el disco."
}
],
"id": "CVE-2022-1373",
"lastModified": "2024-11-21T06:40:35.887",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-17T21:15:08.647",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-23"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-05 06:15
Modified
2024-11-21 08:11
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Softing OPC Suite version 5.25 and before has Incorrect Access Control, allows attackers to obtain sensitive information via weak permissions in OSF_discovery service. The service executable could be changed or the service could be deleted.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:opc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84F4815A-A822-4A31-8601-8C6394CFE0E8",
"versionEndExcluding": "5.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Softing OPC Suite version 5.25 and before has Incorrect Access Control, allows attackers to obtain sensitive information via weak permissions in OSF_discovery service. The service executable could be changed or the service could be deleted."
},
{
"lang": "es",
"value": "Softing OPC Suite versi\u00f3n 5.25 y anteriores tiene un control de acceso incorrecto, lo que permite a los atacantes obtener informaci\u00f3n confidencial a trav\u00e9s de permisos d\u00e9biles en el servicio OSF_discovery."
}
],
"id": "CVE-2023-37572",
"lastModified": "2024-11-21T08:11:58.540",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-12-05T06:15:48.617",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/2023/syt-2023-5.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/2023/syt-2023-5.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-17 21:15
Modified
2024-11-21 07:00
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with the default administrator credentials as `admin` and password as `admin`. This allows Softing to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the `admin` password. There is no warning or prompt to ask the user to change the default password, and to change the password, many steps are required.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-6.html | Mitigation, Vendor Advisory | |
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-6.html | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| softing | edgeaggregator | 3.1 | |
| softing | edgeconnector | 3.1 | |
| softing | opc | 5.2 | |
| softing | opc_ua_c\+\+_software_development_kit | 6 | |
| softing | secure_integration_server | 1.22 | |
| softing | uagates | 1.74 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:edgeaggregator:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C0E07A55-5FA0-402D-BB22-FA8D3D8C484D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:edgeconnector:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "62FE322E-A720-4E08-9058-3BAC295E720B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:opc:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9916828-8213-47D4-B294-8112B241F32C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:opc_ua_c\\+\\+_software_development_kit:6:*:*:*:*:*:*:*",
"matchCriteriaId": "BA185EBD-8048-4B1C-A476-4AE61831ACF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:secure_integration_server:1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "0BF8EC24-9C94-4C55-A496-5DD524B981C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:uagates:1.74:*:*:*:*:*:*:*",
"matchCriteriaId": "2DD68DEC-1E1C-456F-8FC2-F3EF9A72B012",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with the default administrator credentials as `admin` and password as `admin`. This allows Softing to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the `admin` password. There is no warning or prompt to ask the user to change the default password, and to change the password, many steps are required."
},
{
"lang": "es",
"value": "Softing Secure Integration Server, edgeConnector y edgeAggregator son enviados con las credenciales de administrador por defecto como \"admin\" y la contrase\u00f1a como \"admin\". Esto permite a Softing iniciar sesi\u00f3n en el servidor directamente para llevar a cabo funciones administrativas. Tras la instalaci\u00f3n o el primer inicio de sesi\u00f3n, la aplicaci\u00f3n no pide al usuario que cambie la contrase\u00f1a \"admin\". No se presenta ninguna advertencia o aviso para pedir al usuario que cambie la contrase\u00f1a por defecto, y para cambiar la contrase\u00f1a, son requeridos muchos pasos."
}
],
"id": "CVE-2022-2336",
"lastModified": "2024-11-21T07:00:47.640",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-17T21:15:09.137",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-6.html"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-6.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-17 21:15
Modified
2024-11-21 07:00
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A crafted HTTP packet with a missing HTTP URI can create a denial-of-service condition in Softing Secure Integration Server V1.22.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-4.html | Mitigation, Vendor Advisory | |
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04 | Mitigation, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-4.html | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04 | Mitigation, Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| softing | edgeaggregator | 3.1 | |
| softing | edgeconnector | 3.1 | |
| softing | opc | 5.2 | |
| softing | opc_ua_c\+\+_software_development_kit | 6 | |
| softing | secure_integration_server | 1.22 | |
| softing | uagates | 1.74 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:edgeaggregator:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C0E07A55-5FA0-402D-BB22-FA8D3D8C484D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:edgeconnector:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "62FE322E-A720-4E08-9058-3BAC295E720B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:opc:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9916828-8213-47D4-B294-8112B241F32C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:opc_ua_c\\+\\+_software_development_kit:6:*:*:*:*:*:*:*",
"matchCriteriaId": "BA185EBD-8048-4B1C-A476-4AE61831ACF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:secure_integration_server:1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "0BF8EC24-9C94-4C55-A496-5DD524B981C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:uagates:1.74:*:*:*:*:*:*:*",
"matchCriteriaId": "2DD68DEC-1E1C-456F-8FC2-F3EF9A72B012",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A crafted HTTP packet with a missing HTTP URI can create a denial-of-service condition in Softing Secure Integration Server V1.22."
},
{
"lang": "es",
"value": "Un paquete HTTP dise\u00f1ado con un URI HTTP faltante puede crear una condici\u00f3n de denegaci\u00f3n de servicio en Softing Secure Integration Server versi\u00f3n V1.22."
}
],
"id": "CVE-2022-2337",
"lastModified": "2024-11-21T07:00:47.763",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-17T21:15:09.207",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-4.html"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-4.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-20 21:15
Modified
2025-05-08 19:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An issue was discovered in Softing OPC UA C++ SDK before 6.10. A buffer overflow or an excess allocation happens due to unchecked array and matrix bounds in structure data types.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-9.html | Mitigation, Vendor Advisory | |
| cve@mitre.org | https://softing.com | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-9.html | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://softing.com | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| softing | edgeaggregator | * | |
| softing | edgeconnector | * | |
| softing | opc | * | |
| softing | opc_ua_c\+\+_software_development_kit | * | |
| softing | secure_integration_server | * | |
| softing | uagates | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:edgeaggregator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "628CF1AA-0EAA-4638-9B55-D805F48FE6C0",
"versionEndIncluding": "3.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:edgeconnector:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74EEA0E5-E594-4B2F-A7B9-8A3D592F6192",
"versionEndIncluding": "3.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:opc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C23CF12C-EE3C-46AF-A153-4F9EC85A3417",
"versionEndIncluding": "5.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:opc_ua_c\\+\\+_software_development_kit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE20E08D-5FD6-43CD-8405-925224096751",
"versionEndIncluding": "6.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:secure_integration_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "788D765F-4A20-49CC-BC97-483E69AB63C7",
"versionEndIncluding": "1.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:uagates:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA389737-C787-47B1-ABB7-95AE945BDB6B",
"versionEndIncluding": "1.74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Softing OPC UA C++ SDK before 6.10. A buffer overflow or an excess allocation happens due to unchecked array and matrix bounds in structure data types."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Softing OPC UA C++ SDK versiones anteriores a 6.10. Es producido un desbordamiento del b\u00fafer o un exceso de asignaci\u00f3n debido a los l\u00edmites de matrices y arrays no comprobados en los tipos de datos de estructuras"
}
],
"id": "CVE-2022-37453",
"lastModified": "2025-05-08T19:15:52.457",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-10-20T21:15:10.107",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-9.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://softing.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-9.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://softing.com"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-17 21:15
Modified
2024-11-21 07:01
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A crafted HTTP packet without a content-type header can create a denial-of-service condition in Softing Secure Integration Server V1.22.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-4.html | Mitigation, Vendor Advisory | |
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04 | Mitigation, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-4.html | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04 | Mitigation, Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| softing | edgeaggregator | 3.1 | |
| softing | edgeconnector | 3.1 | |
| softing | opc | 5.2 | |
| softing | opc_ua_c\+\+_software_development_kit | 6 | |
| softing | secure_integration_server | 1.22 | |
| softing | uagates | 1.74 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:edgeaggregator:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C0E07A55-5FA0-402D-BB22-FA8D3D8C484D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:edgeconnector:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "62FE322E-A720-4E08-9058-3BAC295E720B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:opc:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9916828-8213-47D4-B294-8112B241F32C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:opc_ua_c\\+\\+_software_development_kit:6:*:*:*:*:*:*:*",
"matchCriteriaId": "BA185EBD-8048-4B1C-A476-4AE61831ACF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:secure_integration_server:1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "0BF8EC24-9C94-4C55-A496-5DD524B981C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:uagates:1.74:*:*:*:*:*:*:*",
"matchCriteriaId": "2DD68DEC-1E1C-456F-8FC2-F3EF9A72B012",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A crafted HTTP packet without a content-type header can create a denial-of-service condition in Softing Secure Integration Server V1.22."
},
{
"lang": "es",
"value": "Un paquete HTTP dise\u00f1ado sin un encabezado de tipo de contenido puede crear una condici\u00f3n de denegaci\u00f3n de servicio en Softing Secure Integration Server versi\u00f3n V1.22."
}
],
"id": "CVE-2022-2547",
"lastModified": "2024-11-21T07:01:13.750",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-17T21:15:09.337",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-4.html"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-4.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-20 21:15
Modified
2025-05-08 19:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An issue was discovered in Softing OPC UA C++ SDK 5.66 through 6.x before 6.10. An OPC/UA browse request exceeding the server limit on continuation points may cause a use-after-free error
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-8.html | Mitigation, Vendor Advisory | |
| cve@mitre.org | https://www.softing.com | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-8.html | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.softing.com | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| softing | opc | * | |
| softing | opc_ua_c\+\+_software_development_kit | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:opc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C2B74753-8DDB-4AE5-A1E6-E42C0D65C8EE",
"versionEndIncluding": "5.22",
"versionStartIncluding": "5.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:opc_ua_c\\+\\+_software_development_kit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39D8DBB4-8429-43B6-ADF8-5348CE8B47F1",
"versionEndIncluding": "6.00",
"versionStartIncluding": "5.70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Softing OPC UA C++ SDK 5.66 through 6.x before 6.10. An OPC/UA browse request exceeding the server limit on continuation points may cause a use-after-free error"
},
{
"lang": "es",
"value": "Se ha detectado un problema en Softing OPC UA C++ SDK versiones 5.66 hasta 6.x anteriores a 6.10. Una petici\u00f3n de exploraci\u00f3n OPC/UA que exceda el l\u00edmite del servidor en puntos de continuaci\u00f3n puede causar un error de uso de memoria previamente liberada"
}
],
"id": "CVE-2022-39823",
"lastModified": "2025-05-08T19:15:52.693",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-10-20T21:15:10.207",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-8.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.softing.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-8.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.softing.com"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-17 21:15
Modified
2024-11-21 07:00
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A crafted HTTP packet with a -1 content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-4.html | Mitigation, Vendor Advisory | |
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04 | Mitigation, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-4.html | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04 | Mitigation, Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| softing | edgeaggregator | 3.1 | |
| softing | edgeconnector | 3.1 | |
| softing | opc | 5.2 | |
| softing | opc_ua_c\+\+_software_development_kit | 6 | |
| softing | secure_integration_server | 1.22 | |
| softing | uagates | 1.74 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:edgeaggregator:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C0E07A55-5FA0-402D-BB22-FA8D3D8C484D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:edgeconnector:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "62FE322E-A720-4E08-9058-3BAC295E720B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:opc:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9916828-8213-47D4-B294-8112B241F32C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:opc_ua_c\\+\\+_software_development_kit:6:*:*:*:*:*:*:*",
"matchCriteriaId": "BA185EBD-8048-4B1C-A476-4AE61831ACF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:secure_integration_server:1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "0BF8EC24-9C94-4C55-A496-5DD524B981C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:uagates:1.74:*:*:*:*:*:*:*",
"matchCriteriaId": "2DD68DEC-1E1C-456F-8FC2-F3EF9A72B012",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A crafted HTTP packet with a -1 content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22."
},
{
"lang": "es",
"value": "Un paquete HTTP dise\u00f1ado con un encabezado de longitud de contenido -1 puede crear una condici\u00f3n de denegaci\u00f3n de servicio en Softing Secure Integration Server versi\u00f3n V1.22."
}
],
"id": "CVE-2022-2335",
"lastModified": "2024-11-21T07:00:47.517",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-17T21:15:09.053",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-4.html"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-4.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-191"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-08-25 14:15
Modified
2024-11-21 05:03
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to uncontrolled resource consumption, which may allow an attacker to cause a denial-of-service condition.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-20-210-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-20-210-02 | Third Party Advisory, US Government Resource |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:opc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC8DD875-3E3B-4379-9A5F-599EB8A65F41",
"versionEndExcluding": "4.47.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to uncontrolled resource consumption, which may allow an attacker to cause a denial-of-service condition."
},
{
"lang": "es",
"value": "Softing Industrial Automation todas las versiones anteriores a la \u00faltima compilaci\u00f3n de la versi\u00f3n 4.47.0, el producto afectado es vulnerable a un consumo de recursos no controlado, lo que puede permitir a un atacante causar una condici\u00f3n de denegaci\u00f3n de servicio"
}
],
"id": "CVE-2020-14522",
"lastModified": "2024-11-21T05:03:27.163",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-25T14:15:16.027",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-210-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-210-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-11-10 23:15
Modified
2024-11-21 06:24
Severity ?
Summary
An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66. Remote attackers to cause a denial of service (DoS) by sending crafted messages to a OPC/UA client. The client process may crash unexpectedly because of a wrong type cast, and must be restarted.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| softing | datafeed_opc_suite | * | |
| softing | opc | * | |
| softing | secure_integration_server | * | |
| softing | th_scope | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:datafeed_opc_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C103B04-ACCD-418F-8FCA-A1E6D3F65765",
"versionEndExcluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:opc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7ABCF586-B1F5-44A4-BE3C-C1FADC36FAC2",
"versionEndExcluding": "5.66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:secure_integration_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "788D765F-4A20-49CC-BC97-483E69AB63C7",
"versionEndIncluding": "1.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:th_scope:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A095128F-37B7-4BA4-AA82-F9B0E33E6325",
"versionStartIncluding": "3.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66. Remote attackers to cause a denial of service (DoS) by sending crafted messages to a OPC/UA client. The client process may crash unexpectedly because of a wrong type cast, and must be restarted."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Softing Industrial Automation OPC UA C++ SDK versiones anteriores a 5.66. Unos atacantes remotos pueden causar una denegaci\u00f3n de servicio (DoS) mediante el env\u00edo de mensajes dise\u00f1ados a un cliente OPC/UA. El proceso del cliente puede bloquearse inesperadamente debido a un reparto de tipos err\u00f3neo, y debe reiniciarse"
}
],
"id": "CVE-2021-40871",
"lastModified": "2024-11-21T06:24:59.080",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-10T23:15:08.240",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://industrial.softing.com/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://industrial.softing.com/fileadmin/sof-files/pdf/ia/support/Security_Bulletin-CVE-2021-40871.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://industrial.softing.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://industrial.softing.com/fileadmin/sof-files/pdf/ia/support/Security_Bulletin-CVE-2021-40871.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-843"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-17 21:15
Modified
2024-11-21 07:00
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
The application searches for a library dll that is not found. If an attacker can place a dll with this name, then the attacker can leverage it to execute arbitrary code on the targeted Softing Secure Integration Server V1.22.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html | Mitigation, Vendor Advisory | |
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04 | Mitigation, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04 | Mitigation, Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| softing | edgeaggregator | 3.1 | |
| softing | edgeconnector | 3.1 | |
| softing | opc | 5.2 | |
| softing | opc_ua_c\+\+_software_development_kit | 6 | |
| softing | secure_integration_server | 1.22 | |
| softing | uagates | 1.74 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:edgeaggregator:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C0E07A55-5FA0-402D-BB22-FA8D3D8C484D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:edgeconnector:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "62FE322E-A720-4E08-9058-3BAC295E720B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:opc:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9916828-8213-47D4-B294-8112B241F32C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:opc_ua_c\\+\\+_software_development_kit:6:*:*:*:*:*:*:*",
"matchCriteriaId": "BA185EBD-8048-4B1C-A476-4AE61831ACF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:secure_integration_server:1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "0BF8EC24-9C94-4C55-A496-5DD524B981C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:uagates:1.74:*:*:*:*:*:*:*",
"matchCriteriaId": "2DD68DEC-1E1C-456F-8FC2-F3EF9A72B012",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The application searches for a library dll that is not found. If an attacker can place a dll with this name, then the attacker can leverage it to execute arbitrary code on the targeted Softing Secure Integration Server V1.22."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n busca una biblioteca dll que no es encontrada. Si un atacante puede colocar una dll con este nombre, entonces el atacante puede aprovecharla para ejecutar c\u00f3digo arbitrario en Softing Secure Integration Server versi\u00f3n V1.22 objetivo."
}
],
"id": "CVE-2022-2334",
"lastModified": "2024-11-21T07:00:47.390",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-17T21:15:08.973",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-14 19:15
Modified
2025-05-22 18:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An uncaught exception issue discovered in Softing OPC UA C++ SDK before 6.30 for Windows operating system may cause the application to crash when the server wants to send an error packet, while socket is blocked on writing.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| softing | opc | * | |
| softing | opc_ua_c\+\+_software_development_kit | * | |
| softing | secure_integration_server | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:opc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75A9054D-8442-4675-B4B3-CAD84C536C7C",
"versionEndIncluding": "5.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:opc_ua_c\\+\\+_software_development_kit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6E709EE-31CB-4788-9D60-F05A7BE1211D",
"versionEndIncluding": "6.20.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:secure_integration_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "788D765F-4A20-49CC-BC97-483E69AB63C7",
"versionEndIncluding": "1.22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An uncaught exception issue discovered in Softing OPC UA C++ SDK before 6.30 for Windows operating system may cause the application to crash when the server wants to send an error packet, while socket is blocked on writing."
},
{
"lang": "es",
"value": "Un problema de excepci\u00f3n no detectado descubierto en Softing OPC UA C++ SDK anterior a 6.30 para el sistema operativo Windows puede causar que la aplicaci\u00f3n falle cuando el servidor quiere enviar un paquete de error, mientras el socket est\u00e1 bloqueado al escribir."
}
],
"id": "CVE-2023-41151",
"lastModified": "2025-05-22T18:15:25.513",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-12-14T19:15:16.193",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/2023/syt-2023-3.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/2023/syt-2023-3.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-755"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-08-25 14:15
Modified
2024-11-21 05:03
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-20-210-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-20-210-02 | Third Party Advisory, US Government Resource |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:opc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC8DD875-3E3B-4379-9A5F-599EB8A65F41",
"versionEndExcluding": "4.47.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute arbitrary code."
},
{
"lang": "es",
"value": "Softing Industrial Automation todas las versiones anteriores a la \u00faltima compilaci\u00f3n de la versi\u00f3n 4.47.0, el producto afectado es vulnerable a un desbordamiento del b\u00fafer en la regi\u00f3n heap de la memoria, lo que puede permitir a un atacante ejecutar c\u00f3digo arbitrario remotamente"
}
],
"id": "CVE-2020-14524",
"lastModified": "2024-11-21T05:03:27.457",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-25T14:15:16.123",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-210-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-210-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-17 21:15
Modified
2024-11-21 06:41
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Softing OPC UA C++ Server SDK, Secure Integration Server, edgeConnector, edgeAggregator, OPC Suite, and uaGate are affected by a NULL pointer dereference vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-7.html | Mitigation, Vendor Advisory | |
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04 | Mitigation, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-7.html | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04 | Mitigation, Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| softing | edgeaggregator | 3.1 | |
| softing | edgeconnector | 3.1 | |
| softing | opc | 5.2 | |
| softing | opc_ua_c\+\+_software_development_kit | 6 | |
| softing | secure_integration_server | 1.22 | |
| softing | uagates | 1.74 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:edgeaggregator:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C0E07A55-5FA0-402D-BB22-FA8D3D8C484D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:edgeconnector:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "62FE322E-A720-4E08-9058-3BAC295E720B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:opc:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9916828-8213-47D4-B294-8112B241F32C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:opc_ua_c\\+\\+_software_development_kit:6:*:*:*:*:*:*:*",
"matchCriteriaId": "BA185EBD-8048-4B1C-A476-4AE61831ACF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:secure_integration_server:1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "0BF8EC24-9C94-4C55-A496-5DD524B981C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:uagates:1.74:*:*:*:*:*:*:*",
"matchCriteriaId": "2DD68DEC-1E1C-456F-8FC2-F3EF9A72B012",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Softing OPC UA C++ Server SDK, Secure Integration Server, edgeConnector, edgeAggregator, OPC Suite, and uaGate are affected by a NULL pointer dereference vulnerability."
},
{
"lang": "es",
"value": "Softing OPC UA C++ Server SDK, Secure Integration Server, edgeConnector, edgeAggregator, OPC Suite y uaGate est\u00e1n afectados por una vulnerabilidad de desreferencia de puntero NULL."
}
],
"id": "CVE-2022-1748",
"lastModified": "2024-11-21T06:41:22.917",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-17T21:15:08.717",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-7.html"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-7.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-17 21:15
Modified
2024-11-21 07:00
Severity ?
5.7 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in-the-middle attack. The default the administration interface is accessible via plaintext HTTP protocol, facilitating the attack. The HTTP request may contain the session cookie in the request, which may be captured for use in authenticating to the server.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html | Mitigation, Vendor Advisory | |
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04 | Mitigation, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04 | Mitigation, Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| softing | edgeaggregator | 3.1 | |
| softing | edgeconnector | 3.1 | |
| softing | opc | 5.2 | |
| softing | opc_ua_c\+\+_software_development_kit | 6 | |
| softing | secure_integration_server | 1.22 | |
| softing | uagates | 1.74 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:edgeaggregator:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C0E07A55-5FA0-402D-BB22-FA8D3D8C484D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:edgeconnector:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "62FE322E-A720-4E08-9058-3BAC295E720B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:opc:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9916828-8213-47D4-B294-8112B241F32C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:opc_ua_c\\+\\+_software_development_kit:6:*:*:*:*:*:*:*",
"matchCriteriaId": "BA185EBD-8048-4B1C-A476-4AE61831ACF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:secure_integration_server:1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "0BF8EC24-9C94-4C55-A496-5DD524B981C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:uagates:1.74:*:*:*:*:*:*:*",
"matchCriteriaId": "2DD68DEC-1E1C-456F-8FC2-F3EF9A72B012",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in-the-middle attack. The default the administration interface is accessible via plaintext HTTP protocol, facilitating the attack. The HTTP request may contain the session cookie in the request, which may be captured for use in authenticating to the server."
},
{
"lang": "es",
"value": "Softing Secure Integration Server versi\u00f3n V1.22, es vulnerable a una omisi\u00f3n de la autenticaci\u00f3n por medio de un ataque de tipo \"machine-in-the-middle\". Por defecto, la interfaz de administraci\u00f3n es accesible por medio del protocolo HTTP en texto plano, lo que facilita el ataque. La petici\u00f3n HTTP puede contener la cookie de sesi\u00f3n en la petici\u00f3n, que puede ser capturada para su uso en la autenticaci\u00f3n al servidor."
}
],
"id": "CVE-2022-2338",
"lastModified": "2024-11-21T07:00:47.887",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-17T21:15:09.270",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-11-10 23:15
Modified
2024-11-21 06:24
Severity ?
Summary
An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66, and uaToolkit Embedded before 1.40. Remote attackers to cause a denial of service (DoS) by sending crafted messages to a client or server. The server process may crash unexpectedly because of a double free, and must be restarted.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| softing | datafeed_opc_suite | * | |
| softing | edgeconnector | * | |
| softing | opc | * | |
| softing | secure_integration_server | * | |
| softing | th_scope | * | |
| softing | uagates | * | |
| softing | uatoolkit_embedded | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:datafeed_opc_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C103B04-ACCD-418F-8FCA-A1E6D3F65765",
"versionEndExcluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:edgeconnector:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CA275F1-BAF9-4DF0-9A7D-72803927AEDB",
"versionEndIncluding": "2.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:opc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7ABCF586-B1F5-44A4-BE3C-C1FADC36FAC2",
"versionEndExcluding": "5.66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:secure_integration_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "788D765F-4A20-49CC-BC97-483E69AB63C7",
"versionEndIncluding": "1.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:th_scope:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A095128F-37B7-4BA4-AA82-F9B0E33E6325",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:uagates:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6C10BB-64B0-49F1-984E-F50996B3BFBF",
"versionEndExcluding": "1.73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:uatoolkit_embedded:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6CEDE30-1C5B-45B0-B4E9-A7A42485C03E",
"versionEndExcluding": "1.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66, and uaToolkit Embedded before 1.40. Remote attackers to cause a denial of service (DoS) by sending crafted messages to a client or server. The server process may crash unexpectedly because of a double free, and must be restarted."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Softing Industrial Automation OPC UA C++ SDK versiones anteriores a 5.66, y en uaToolkit Embedded versiones anteriores a 1.40. Unos atacantes remotos pueden causar una denegaci\u00f3n de servicio (DoS) mediante el env\u00edo de mensajes dise\u00f1ados a un cliente o servidor. El proceso del servidor puede bloquearse inesperadamente debido a una doble liberaci\u00f3n, y debe ser reiniciado"
}
],
"id": "CVE-2021-40873",
"lastModified": "2024-11-21T06:24:59.437",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-10T23:15:08.350",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://industrial.softing.com/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://industrial.softing.com/fileadmin/sof-files/pdf/ia/support/Security_Bulletin_CVE-2021-40873.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://industrial.softing.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://industrial.softing.com/fileadmin/sof-files/pdf/ia/support/Security_Bulletin_CVE-2021-40873.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-415"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}