Lucene search

IcscertCVELIST:CVE-2022-2547

HistoryAug 17, 2022 - 8:06 p.m.

CVE-2022-2547 Softing Secure Integration Server NULL Pointer Dereference

2022-08-1720:06:38

CWE-476

icscert

www.cve.org

crafted http packet

denial-of-service

softing secure integration server v1.22

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.003

Percentile

65.4%

JSON

A crafted HTTP packet without a content-type header can create a denial-of-service condition in Softing Secure Integration Server V1.22.

CNA Affected

[
  {
    "product": "Secure Integration Server",
    "vendor": "Softing",
    "versions": [
      {
        "status": "affected",
        "version": "V1.22"
      }
    ]
  }
]

References

industrial.softing.com/fileadmin/psirt/downloads/syt-2022-4.html

www.cisa.gov/uscert/ics/advisories/icsa-22-228-04

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.003

Percentile

65.4%

JSON

Related for CVELIST:CVE-2022-2547