admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2022/CVE-2022-23xx/CVE-2022-2338.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

134 lines
4.5 KiB
JSON
Raw Blame History

{
"id": "CVE-2022-2338",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2022-08-17T21:15:09.270",
"lastModified": "2022-08-19T12:36:09.137",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in-the-middle attack. The default the administration interface is accessible via plaintext HTTP protocol, facilitating the attack. The HTTP request may contain the session cookie in the request, which may be captured for use in authenticating to the server."
},
{
"lang": "es",
"value": "Softing Secure Integration Server versi\u00f3n V1.22, es vulnerable a una omisi\u00f3n de la autenticaci\u00f3n por medio de un ataque de tipo \"machine-in-the-middle\". Por defecto, la interfaz de administraci\u00f3n es accesible por medio del protocolo HTTP en texto plano, lo que facilita el ataque. La petici\u00f3n HTTP puede contener la cookie de sesi\u00f3n en la petici\u00f3n, que puede ser capturada para su uso en la autenticaci\u00f3n al servidor."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-319"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:softing:edgeaggregator:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C0E07A55-5FA0-402D-BB22-FA8D3D8C484D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:softing:edgeconnector:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "62FE322E-A720-4E08-9058-3BAC295E720B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:softing:opc:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9916828-8213-47D4-B294-8112B241F32C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:softing:opc_ua_c\\+\\+_software_development_kit:6:*:*:*:*:*:*:*",
"matchCriteriaId": "BA185EBD-8048-4B1C-A476-4AE61831ACF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:softing:secure_integration_server:1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "0BF8EC24-9C94-4C55-A496-5DD524B981C4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:softing:uagates:1.74:*:*:*:*:*:*:*",
"matchCriteriaId": "2DD68DEC-1E1C-456F-8FC2-F3EF9A72B012"
}
]
}
]
}
],
"references": [
{
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html",
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Mitigation",
"Vendor Advisory"
]
},
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04",
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink