CVE-2022-1373 : The “restore configuration” feature of Softing Secure Integration Server V1.

The “restore configuration” feature of Softing Secure Integration Server V1.22 is vulnerable to a directory traversal vulnerability when processing zip files. An attacker can craft a zip file to load an arbitrary dll and execute code. Using the "restore configuration" feature to upload a zip file containing a path traversal file may cause a file to be created and executed upon touching the disk.

Published 2022-08-17 21:15:09

Updated 2023-06-27 15:49:42

Source ICS-CERT

View at NVD, CVE.org

Vulnerability category: Directory traversalExecute code

Products affected by CVE-2022-1373

Softing » OPC » Version: 5.2
cpe:2.3:a:softing:opc:5.2:*:*:*:*:*:*:*
Matching versions
Softing » Edgeconnector » Version: 3.1
cpe:2.3:a:softing:edgeconnector:3.1:*:*:*:*:*:*:*
Matching versions
Softing » Secure Integration Server » Version: 1.22
cpe:2.3:a:softing:secure_integration_server:1.22:*:*:*:*:*:*:*
Matching versions
Softing » Uagates » Version: 1.74
cpe:2.3:a:softing:uagates:1.74:*:*:*:*:*:*:*
Matching versions
Softing » Opc Ua C++ Software Development Kit » Version: 6
cpe:2.3:a:softing:opc_ua_c\+\+_software_development_kit:6:*:*:*:*:*:*:*
Matching versions
Softing » Edgeaggregator » Version: 3.1
cpe:2.3:a:softing:edgeaggregator:3.1:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2022-1373

EPSS FAQ

69.30%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 99 %

Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2022-1373

Softing Secure Integration Server v1.22 Remote Code Execution

Disclosure Date: 2022-07-27

First seen: 2024-07-20

exploit/windows/http/softing_sis_rce

This module chains two vulnerabilities (CVE-2022-1373 and CVE-2022-2334) to achieve authenticated remote code execution against Softing Secure Integration Server v1.22. In CVE-2022-1373, the restore configuration feature is vulnerable to a directory traversal vulnerablity when

More information

CVSS scores for CVE-2022-1373

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	1.2	5.9	ICS-CERT
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
7.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	1.2	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2022-1373

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Assigned by: nvd@nist.gov (Primary)
CWE-23 Relative Path Traversal

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

Assigned by: ics-cert@hq.dhs.gov (Secondary)

References for CVE-2022-1373

https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04

Softing Secure Integration Server | CISA
Mitigation;Third Party Advisory;US Government Resource

CVEs referencing this url
https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html

Mitigation;Vendor Advisory

CVEs referencing this url

Jump to