Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in-the-middle attack. By default, the administration interface is accessible via the plaintext HTTP protocol, facilitating the attack. The HTTP request may contain the session cookie, which may be captured for use in authenticating to the server.
References
Link | Resource |
---|---|
https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html | Mitigation Vendor Advisory |
https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04 | Mitigation Third Party Advisory US Government Resource |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: icscert
Published: 2022-08-17T20:15:03
Updated: 2022-08-17T20:15:03
Reserved: 2022-07-06T00:00:00
Link: CVE-2022-2338
NVD Information
Status: Analyzed
Published: 2022-08-17T21:15:09.270
Modified: 2022-08-19T12:36:09.137
Link: CVE-2022-2338
Redhat Information
No data.
CWE