Lucene search

[email protected]CVE-2022-2336

HistoryAug 17, 2022 - 9:15 p.m.

CVE-2022-2336

2022-08-1721:15:09

CWE-287

[email protected]

web.nvd.nist.gov

cve-2022-2336

softing

secure integration server

edgeconnector

edgeaggregator

default credentials

admin password

nvd

security vulnerability

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.2%

JSON

Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with the default administrator credentials as admin and password as admin. This allows Softing to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the admin password. There is no warning or prompt to ask the user to change the default password, and to change the password, many steps are required.

Affected configurations

NVD

Node

softingedgeaggregatorMatch3.1

softingedgeconnectorMatch3.1

softingopcMatch5.2

softingopc_ua_c\+\+_software_development_kitMatch6

softingsecure_integration_serverMatch1.22

softinguagatesMatch1.74

CPENameOperatorVersion
softing:edgeaggregatorsofting edgeaggregatoreq3.1
softing:edgeconnectorsofting edgeconnectoreq3.1
softing:opcsofting opceq5.2
softing:opc_ua_c\+\+_software_development_kitsofting opc ua c++ software development kiteq6
softing:secure_integration_serversofting secure integration servereq1.22
softing:uagatessofting uagateseq1.74

CPE	Name	Operator	Version
softing:edgeaggregator	softing edgeaggregator	eq	3.1
softing:edgeconnector	softing edgeconnector	eq	3.1
softing:opc	softing opc	eq	5.2
softing:opc_ua_c\+\+_software_development_kit	softing opc ua c++ software development kit	eq	6
softing:secure_integration_server	softing secure integration server	eq	1.22
softing:uagates	softing uagates	eq	1.74

CNA Affected

[
  {
    "product": "Secure Integration Server",
    "vendor": "Softing",
    "versions": [
      {
        "status": "affected",
        "version": "V1.22"
      }
    ]
  },
  {
    "product": "edgeConnector Siemens",
    "vendor": "Softing",
    "versions": [
      {
        "status": "affected",
        "version": "V3.10"
      }
    ]
  },
  {
    "product": "edgeConnector 840D",
    "vendor": "Softing",
    "versions": [
      {
        "status": "affected",
        "version": "V3.10"
      }
    ]
  },
  {
    "product": "edgeConnector Modbus",
    "vendor": "Softing",
    "versions": [
      {
        "status": "affected",
        "version": "V3.10"
      }
    ]
  },
  {
    "product": "edgeAggregator",
    "vendor": "Softing",
    "versions": [
      {
        "status": "affected",
        "version": "V3.10"
      }
    ]
  }
]