Skip to main content

Edgeaggregator CVE-2022-2338

MEDIUM
Cleartext Transmission of Sensitive Information (CWE-319)
2022-08-17 ics-cert@hq.dhs.gov
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Adjacent
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Aug 17, 2022 - 21:15 nvd
MEDIUM 5.3

DescriptionNVD

Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in-the-middle attack. The default the administration interface is accessible via plaintext HTTP protocol, facilitating the attack. The HTTP request may contain the session cookie in the request, which may be captured for use in authenticating to the server.

AnalysisAI

Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in-the-middle attack. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-319. Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in-the-middle attack. The default the administration interface is accessible via plaintext HTTP protocol, facilitating the attack. The HTTP request may contain the session cookie in the request, which may be captured for use in authenticating to the server. Affected products include: Softing Edgeaggregator, Softing Edgeconnector, Softing Opc, Softing Opc Ua C\+\+ Software Development Kit, Softing Secure Integration Server.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2022-2334 HIGH POC
7.2 Aug 17

The application searches for a library dll that is not found. Rated high severity (CVSS 7.2), this vulnerability is remo

CVE-2022-1373 HIGH POC
7.2 Aug 17

The “restore configuration” feature of Softing Secure Integration Server V1.22 is vulnerable to a directory traversal vu

CVE-2022-2336 CRITICAL
9.8 Aug 17

Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with the default administrator crede

CVE-2024-0860 HIGH
7.5 Mar 14

The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow a

CVE-2022-37453 HIGH
7.5 Oct 20

An issue was discovered in Softing OPC UA C++ SDK before 6.10. Rated high severity (CVSS 7.5), this vulnerability is rem

CVE-2022-2547 HIGH
7.5 Aug 17

A crafted HTTP packet without a content-type header can create a denial-of-service condition in Softing Secure Integrati

CVE-2022-2337 HIGH
7.5 Aug 17

A crafted HTTP packet with a missing HTTP URI can create a denial-of-service condition in Softing Secure Integration Ser

CVE-2022-2335 HIGH
7.5 Aug 17

A crafted HTTP packet with a -1 content-length header can create a denial-of-service condition in Softing Secure Integra

CVE-2022-1748 HIGH
7.5 Aug 17

Softing OPC UA C++ Server SDK, Secure Integration Server, edgeConnector, edgeAggregator, OPC Suite, and uaGate are affec

CVE-2022-1069 HIGH
7.5 Aug 17

A crafted HTTP packet with a large content-length header can create a denial-of-service condition in Softing Secure Inte

CVE-2023-38126 HIGH
7.2 Dec 19

Softing edgeAggregator Restore Configuration Directory Traversal Remote Code Execution Vulnerability. Rated high severit

Share

CVE-2022-2338 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy