CVE-2022-2338 - OpenCVE

Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in-the-middle attack. The default the administration interface is accessible via plaintext HTTP protocol, facilitating the attack. The HTTP request may contain the session cookie in the request, which may be captured for use in authenticating to the server.

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Softing	Uagates Edgeaggregator Edgeconnector Secure Integration Server Opc Opc Ua C\+\+ Software Development Kit

Configuration 1 [-]

OR	cpe:2.3:a:softing:edgeaggregator:3.1:::::::*
	cpe:2.3:a:softing:edgeconnector:3.1:::::::*
	cpe:2.3:a:softing:opc:5.2:::::::*
	cpe:2.3:a:softing:opc_ua_c\+\+_software_development_kit:6:::::::*
	cpe:2.3:a:softing:secure_integration_server:1.22:::::::*
	cpe:2.3:a:softing:uagates:1.74:::::::*

References

Link	Resource
https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html	Mitigation Vendor Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04	Mitigation Third Party Advisory US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2022-08-17T20:15:03

Updated: 2022-08-17T20:15:03

Reserved: 2022-07-06T00:00:00

Link: CVE-2022-2338

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-08-17T21:15:09.270

Modified: 2022-08-19T12:36:09.137

Link: CVE-2022-2338

JSON object: View

Redhat Information

No data.

CWE

CWE-319

{"containers": {"cna": {"affected": [{"product": "Secure Integration Server", "vendor": "Softing", "versions": [{"status": "affected", "version": "V1.22"}]}], "credits": [{"lang": "en", "value": "Pedro Ribeiro and Radek Domanski, working with Trend Micro Zero Day Initiative, reported these vulnerabilities to Softing and CISA."}], "descriptions": [{"lang": "en", "value": "Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in-the-middle attack. The default the administration interface is accessible via plaintext HTTP protocol, facilitating the attack. The HTTP request may contain the session cookie in the request, which may be captured for use in authenticating to the server."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-319", "description": "CWE-319: Cleartext Transmission of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-17T20:15:03", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html"}], "solutions": [{"lang": "en", "value": "Softing released new versions to address these vulnerabilities and notified known users of the releases. Users are advised to update to the new versions:\nSofting Secure Integration Server V1.30 \n\nThe latest software packages can be downloaded from the Softing website. \n\nSofting recommends the following mitigations and workarounds: \nChange the admin password or create a new user with administrative rights and delete the default admin user. \nConfigure the Windows firewall to block network requests to IP port 9000. \nDisable the HTTP Server in NGINX configuration of the Softing Secure Integration Server, only using the HTTPS server. \nFor more details on these vulnerabilities and mitigations, users should see SYT-2022-5 on the Softing security website."}], "source": {"discovery": "EXTERNAL"}, "title": "Softing Secure Integration Server Cleartext Transmission of Sensitive Information", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2022-2338", "STATE": "PUBLIC", "TITLE": "Softing Secure Integration Server Cleartext Transmission of Sensitive Information"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Secure Integration Server", "version": {"version_data": [{"version_affected": "=", "version_value": "V1.22"}]}}]}, "vendor_name": "Softing"}]}}, "credit": [{"lang": "eng", "value": "Pedro Ribeiro and Radek Domanski, working with Trend Micro Zero Day Initiative, reported these vulnerabilities to Softing and CISA."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in-the-middle attack. The default the administration interface is accessible via plaintext HTTP protocol, facilitating the attack. The HTTP request may contain the session cookie in the request, which may be captured for use in authenticating to the server."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-319: Cleartext Transmission of Sensitive Information"}]}]}, "references": {"reference_data": [{"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04", "refsource": "CONFIRM", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"}, {"name": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html", "refsource": "CONFIRM", "url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html"}]}, "solution": [{"lang": "en", "value": "Softing released new versions to address these vulnerabilities and notified known users of the releases. Users are advised to update to the new versions:\nSofting Secure Integration Server V1.30 \n\nThe latest software packages can be downloaded from the Softing website. \n\nSofting recommends the following mitigations and workarounds: \nChange the admin password or create a new user with administrative rights and delete the default admin user. \nConfigure the Windows firewall to block network requests to IP port 9000. \nDisable the HTTP Server in NGINX configuration of the Softing Secure Integration Server, only using the HTTPS server. \nFor more details on these vulnerabilities and mitigations, users should see SYT-2022-5 on the Softing security website."}], "source": {"discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2022-2338", "datePublished": "2022-08-17T20:15:03", "dateReserved": "2022-07-06T00:00:00", "dateUpdated": "2022-08-17T20:15:03", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:softing:edgeaggregator:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "C0E07A55-5FA0-402D-BB22-FA8D3D8C484D", "vulnerable": true}, {"criteria": "cpe:2.3:a:softing:edgeconnector:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "62FE322E-A720-4E08-9058-3BAC295E720B", "vulnerable": true}, {"criteria": "cpe:2.3:a:softing:opc:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "A9916828-8213-47D4-B294-8112B241F32C", "vulnerable": true}, {"criteria": "cpe:2.3:a:softing:opc_ua_c\\+\\+_software_development_kit:6:*:*:*:*:*:*:*", "matchCriteriaId": "BA185EBD-8048-4B1C-A476-4AE61831ACF7", "vulnerable": true}, {"criteria": "cpe:2.3:a:softing:secure_integration_server:1.22:*:*:*:*:*:*:*", "matchCriteriaId": "0BF8EC24-9C94-4C55-A496-5DD524B981C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:softing:uagates:1.74:*:*:*:*:*:*:*", "matchCriteriaId": "2DD68DEC-1E1C-456F-8FC2-F3EF9A72B012", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in-the-middle attack. The default the administration interface is accessible via plaintext HTTP protocol, facilitating the attack. The HTTP request may contain the session cookie in the request, which may be captured for use in authenticating to the server."}, {"lang": "es", "value": "Softing Secure Integration Server versi\u00f3n V1.22, es vulnerable a una omisi\u00f3n de la autenticaci\u00f3n por medio de un ataque de tipo \"machine-in-the-middle\". Por defecto, la interfaz de administraci\u00f3n es accesible por medio del protocolo HTTP en texto plano, lo que facilita el ataque. La petici\u00f3n HTTP puede contener la cookie de sesi\u00f3n en la petici\u00f3n, que puede ser capturada para su uso en la autenticaci\u00f3n al servidor."}], "id": "CVE-2022-2338", "lastModified": "2022-08-19T12:36:09.137", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2022-08-17T21:15:09.270", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}