Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with the default administrator credentials as `admin` and password as `admin`. This allows Softing to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the `admin` password. There is no warning or prompt to ask the user to change the default password, and to change the password, many steps are required.
References
Link | Resource |
---|---|
https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-6.html | Mitigation Vendor Advisory |
https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04 | Third Party Advisory US Government Resource |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: icscert
Published: 2022-08-17T20:07:46
Updated: 2022-08-17T20:07:46
Reserved: 2022-07-06T00:00:00
Link: CVE-2022-2336
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-08-17T21:15:09.137
Modified: 2022-08-22T13:32:26.900
Link: CVE-2022-2336
JSON object: View
Redhat Information
No data.
CWE