CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
36.9%
Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in-the-middle attack. The default the administration interface is accessible via plaintext HTTP protocol, facilitating the attack. The HTTP request may contain the session cookie in the request, which may be captured for use in authenticating to the server.
Vendor | Product | Version | CPE |
---|---|---|---|
softing | edgeaggregator | 3.1 | cpe:2.3:a:softing:edgeaggregator:3.1:*:*:*:*:*:*:* |
softing | edgeconnector | 3.1 | cpe:2.3:a:softing:edgeconnector:3.1:*:*:*:*:*:*:* |
softing | opc | 5.2 | cpe:2.3:a:softing:opc:5.2:*:*:*:*:*:*:* |
softing | opc_ua_c\+\+_software_development_kit | 6 | cpe:2.3:a:softing:opc_ua_c\+\+_software_development_kit:6:*:*:*:*:*:*:* |
softing | secure_integration_server | 1.22 | cpe:2.3:a:softing:secure_integration_server:1.22:*:*:*:*:*:*:* |
softing | uagates | 1.74 | cpe:2.3:a:softing:uagates:1.74:*:*:*:*:*:*:* |