Multiple vulnerabilities in Softing Secure Integration Server
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 9 |
| CVE-ID | CVE-2022-1069 CVE-2022-1373 CVE-2022-1748 CVE-2022-2547 CVE-2022-2337 CVE-2022-2338 CVE-2022-2334 CVE-2022-2336 CVE-2022-2335 |
| CWE-ID | CWE-125 CWE-22 CWE-476 CWE-319 CWE-427 CWE-287 CWE-191 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #7 is available. |
| Vulnerable software |
Secure Integration Server Other software / Other software solutions uaGate Other software / Other software solutions OPC Suite Other software / Other software solutions OPC UA C++ Server SDK Other software / Other software solutions edgeAggregator Other software / Other software solutions edgeConnector Other software / Other software solutions |
| Vendor | Softing AG |
Security Bulletin
This security bulletin contains information about 9 vulnerabilities.
Updated 24.08.2022
Added vulnerabilities #5-9
1) Out-of-bounds read
EUVDB-ID: #VU66580
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1069
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition. A remote attacker can use a specially crafted HTTP packet, trigger out-of-bounds read error and cause a denial of service condition on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSecure Integration Server: 1.22
CPE2.3- cpe:2.3:a:softing_ag:secure_integration_server:*:*:*:*:*:*:*:*
- cpe:2.3:a:softing_ag:secure_integration_server:1.22:*:*:*:*:*:*:*
https://ics-cert.us-cert.gov/advisories/icsa-22-228-04
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Path traversal
EUVDB-ID: #VU66581
Risk: Low
CVSSv4.0: 8.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear]
CVE-ID: CVE-2022-1373
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: Yes
DescriptionThe vulnerability allows a remote user to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences in the restore configuration feature. A remote administrator can send a specially crafted HTTP request and load arbitrary files on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSecure Integration Server: 1.22
CPE2.3- cpe:2.3:a:softing_ag:secure_integration_server:*:*:*:*:*:*:*:*
- cpe:2.3:a:softing_ag:secure_integration_server:1.22:*:*:*:*:*:*:*
https://ics-cert.us-cert.gov/advisories/icsa-22-228-04
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
3) NULL pointer dereference
EUVDB-ID: #VU66582
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1748
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsuaGate: 1.74
OPC Suite: 5.2
OPC UA C++ Server SDK: 6
edgeAggregator: 3.1
edgeConnector: 3.1
Secure Integration Server: 1.22
CPE2.3- cpe:2.3:a:softing_ag:uagate:1.74:*:*:*:*:*:*:*
- cpe:2.3:a:softing_ag:opc_suite:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:softing_ag:opc_ua_c_plus_plus_server_sdk:6:*:*:*:*:*:*:*
- cpe:2.3:a:softing_ag:edgeaggregator:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:softing_ag:edgeconnector:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:softing_ag:secure_integration_server:*:*:*:*:*:*:*:*
- cpe:2.3:a:softing_ag:secure_integration_server:1.22:*:*:*:*:*:*:*
https://ics-cert.us-cert.gov/advisories/icsa-22-228-04
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) NULL pointer dereference
EUVDB-ID: #VU66583
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-2547
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSecure Integration Server: 1.22
CPE2.3- cpe:2.3:a:softing_ag:secure_integration_server:*:*:*:*:*:*:*:*
- cpe:2.3:a:softing_ag:secure_integration_server:1.22:*:*:*:*:*:*:*
https://ics-cert.us-cert.gov/advisories/icsa-22-228-04
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) NULL pointer dereference
EUVDB-ID: #VU65249
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-2337
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can send a specially crafted HTTP packet and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSecure Integration Server: 1.22
CPE2.3 External linkshttps://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04
https://www.zerodayinitiative.com/advisories/ZDI-22-1157/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Cleartext transmission of sensitive information
EUVDB-ID: #VU66741
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-2338
CWE-ID:
CWE-319 - Cleartext Transmission of Sensitive Information
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to software uses insecure communication channel to transmit sensitive information. A remote attacker with ability to intercept network traffic can gain access to sensitive data.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSecure Integration Server: 1.22
CPE2.3 External linkshttps://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04
https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html
https://www.zerodayinitiative.com/advisories/ZDI-22-1155/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Insecure DLL loading
EUVDB-ID: #VU66738
Risk: Low
CVSSv4.0: 8.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear]
CVE-ID: CVE-2022-2334
CWE-ID:
CWE-427 - Uncontrolled Search Path Element
Exploit availability: Yes
DescriptionThe vulnerability allows a remote user to compromise vulnerable system.
The vulnerability exists due to the application searches for a library dll that is not found. A remote administrator can place a specially crafted .dll file and execute arbitrary code on target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSecure Integration Server: 1.22
CPE2.3 External linkshttps://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04
https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html
https://www.zerodayinitiative.com/advisories/ZDI-22-1154/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
8) Improper Authentication
EUVDB-ID: #VU66739
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-2336
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to the affected software ships with the default administrator credentials as "admin" and password as "admin" and does not ask the user to change the password. A remote attacker can bypass authentication process and gain unauthorized access to the application.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSecure Integration Server: 1.22
edgeConnector: 3.1
edgeAggregator: 3.1
CPE2.3- cpe:2.3:a:softing_ag:secure_integration_server:1.22:*:*:*:*:*:*:*
- cpe:2.3:a:softing_ag:edgeconnector:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:softing_ag:edgeaggregator:3.1:*:*:*:*:*:*:*
https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04
https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-6.html
https://www.zerodayinitiative.com/advisories/ZDI-22-1161/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Integer underflow
EUVDB-ID: #VU66740
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-2335
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer underflow. A remote attacker can send a specially crafted HTTP packet to the affected application, trigger integer underflow and cause a denial of service condition on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSecure Integration Server: 1.22
CPE2.3 External linkshttps://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04
https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-4.html
https://www.zerodayinitiative.com/advisories/ZDI-22-1160/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
