CVE-2022-2338

 

Published at: - 17-08-2022 11:15

Last modified: - 19-08-2022 02:36

Total changes: - 3

Description

Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in-the-middle attack. The default the administration interface is accessible via plaintext HTTP protocol, facilitating the attack. The HTTP request may contain the session cookie in the request, which may be captured for use in authenticating to the server.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

 

Verification logic

 

Reference

• https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04
• https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html

 

Keywords

NVD

 

CVE-2022-2338

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures