The “restore configuration” feature of Softing Secure Integration Server V1.22 is vulnerable to a directory traversal vulnerability when processing zip files. An attacker can craft a zip file to load an arbitrary dll and execute code. Using the "restore configuration" feature to upload a zip file containing a path traversal file may cause a file to be created and executed upon touching the disk.
References
Link | Resource |
---|---|
https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html | Mitigation Vendor Advisory |
https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04 | Mitigation Third Party Advisory US Government Resource |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: icscert
Published: 2022-08-17T20:10:24
Updated: 2022-08-17T20:10:24
Reserved: 2022-04-14T00:00:00
Link: CVE-2022-1373
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-08-17T21:15:08.647
Modified: 2023-06-27T15:49:41.903
Link: CVE-2022-1373
JSON object: View
Redhat Information
No data.