CVE-2022-2334

2022-08-1721:15:08

CWE-427

[email protected]

web.nvd.nist.gov

cve-2022-2334

application security

dll vulnerability

arbitrary code execution

softing secure integration server v1.22

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.4%

JSON

The application searches for a library dll that is not found. If an attacker can place a dll with this name, then the attacker can leverage it to execute arbitrary code on the targeted Softing Secure Integration Server V1.22.

Affected configurations

NVD

Node

softingedgeaggregatorMatch3.1

softingedgeconnectorMatch3.1

softingopcMatch5.2

softingopc_ua_c\+\+_software_development_kitMatch6

softingsecure_integration_serverMatch1.22

softinguagatesMatch1.74

CPENameOperatorVersion
softing:edgeaggregatorsofting edgeaggregatoreq3.1
softing:edgeconnectorsofting edgeconnectoreq3.1
softing:opcsofting opceq5.2
softing:opc_ua_c\+\+_software_development_kitsofting opc ua c++ software development kiteq6
softing:secure_integration_serversofting secure integration servereq1.22
softing:uagatessofting uagateseq1.74

CPE	Name	Operator	Version
softing:edgeaggregator	softing edgeaggregator	eq	3.1
softing:edgeconnector	softing edgeconnector	eq	3.1
softing:opc	softing opc	eq	5.2
softing:opc_ua_c\+\+_software_development_kit	softing opc ua c++ software development kit	eq	6
softing:secure_integration_server	softing secure integration server	eq	1.22
softing:uagates	softing uagates	eq	1.74

CNA Affected

[
  {
    "product": "Secure Integration Server",
    "vendor": "Softing",
    "versions": [
      {
        "status": "affected",
        "version": "V1.22"
      }
    ]
  }
]