History: Aug 17, 2022 - 9:15 p.m.

CVE-2022-2336

2022-08-17 21:15:09
CWE-287
icscert
web.nvd.nist.gov
cve-2022-2336
softing
secure integration server
edgeconnector
edgeaggregator
default credentials
admin password
nvd
security vulnerability

CVSS3: 9.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.4
Confidence: High

EPSS: 0.002
Percentile: 61.1%

Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with default administrator credentials: username admin and password admin. This allows Softing to log in to the server directly to perform administrative functions. Neither at installation nor at first login does the application ask the user to change the admin password. There is no warning or prompt to change the default password, and changing the password requires many steps.

Affected configurations

Nvd

Node
softing edgeaggregator Match 3.1
OR
softing edgeconnector Match 3.1
OR
softing opc Match 5.2
OR
softing opc_ua_c\+\+_software_development_kit Match 6
OR
softing secure_integration_server Match 1.22
OR
softing uagates Match 1.74

| Vendor | Product | Version | CPE |
|---|---|---|---|
| softing | edgeaggregator | 3.1 | cpe:2.3:a:softing:edgeaggregator:3.1:*:*:*:*:*:*:* |
| softing | edgeconnector | 3.1 | cpe:2.3:a:softing:edgeconnector:3.1:*:*:*:*:*:*:* |
| softing | opc | 5.2 | cpe:2.3:a:softing:opc:5.2:*:*:*:*:*:*:* |
| softing | opc_ua_c\+\+_software_development_kit | 6 | cpe:2.3:a:softing:opc_ua_c\+\+_software_development_kit:6:*:*:*:*:*:*:* |
| softing | secure_integration_server | 1.22 | cpe:2.3:a:softing:secure_integration_server:1.22:*:*:*:*:*:*:* |
| softing | uagates | 1.74 | cpe:2.3:a:softing:uagates:1.74:*:*:*:*:*:*:* |

CNA Affected

[
  {
    "product": "Secure Integration Server",
    "vendor": "Softing",
    "versions": [
      {
        "status": "affected",
        "version": "V1.22"
      }
    ]
  },
  {
    "product": "edgeConnector Siemens",
    "vendor": "Softing",
    "versions": [
      {
        "status": "affected",
        "version": "V3.10"
      }
    ]
  },
  {
    "product": "edgeConnector 840D",
    "vendor": "Softing",
    "versions": [
      {
        "status": "affected",
        "version": "V3.10"
      }
    ]
  },
  {
    "product": "edgeConnector Modbus",
    "vendor": "Softing",
    "versions": [
      {
        "status": "affected",
        "version": "V3.10"
      }
    ]
  },
  {
    "product": "edgeAggregator",
    "vendor": "Softing",
    "versions": [
      {
        "status": "affected",
        "version": "V3.10"
      }
    ]
  }
]
