CVE-2022-2335

2022-08-1721:15:09

CWE-191

[email protected]

web.nvd.nist.gov

cve-2022-2335

http packet

denial of service

softing secure integration server

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.003 Low

EPSS

Percentile

65.3%

JSON

A crafted HTTP packet with a -1 content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22.

Affected configurations

NVD

Node

softingedgeaggregatorMatch3.1

softingedgeconnectorMatch3.1

softingopcMatch5.2

softingopc_ua_c\+\+_software_development_kitMatch6

softingsecure_integration_serverMatch1.22

softinguagatesMatch1.74

CPENameOperatorVersion
softing:edgeaggregatorsofting edgeaggregatoreq3.1
softing:edgeconnectorsofting edgeconnectoreq3.1
softing:opcsofting opceq5.2
softing:opc_ua_c\+\+_software_development_kitsofting opc ua c++ software development kiteq6
softing:secure_integration_serversofting secure integration servereq1.22
softing:uagatessofting uagateseq1.74

CPE	Name	Operator	Version
softing:edgeaggregator	softing edgeaggregator	eq	3.1
softing:edgeconnector	softing edgeconnector	eq	3.1
softing:opc	softing opc	eq	5.2
softing:opc_ua_c\+\+_software_development_kit	softing opc ua c++ software development kit	eq	6
softing:secure_integration_server	softing secure integration server	eq	1.22
softing:uagates	softing uagates	eq	1.74

CNA Affected

[
  {
    "product": "Secure Integration Server",
    "vendor": "Softing",
    "versions": [
      {
        "status": "affected",
        "version": "V1.22"
      }
    ]
  }
]