Vulnerability Details : CVE-2022-2334
Public exploit exists!
The application searches for a library dll that is not found. If an attacker can place a dll with this name, then the attacker can leverage it to execute arbitrary code on the targeted Softing Secure Integration Server V1.22.
Vulnerability category: Execute code
Products affected by CVE-2022-2334
- cpe:2.3:a:softing:opc:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:softing:edgeconnector:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:softing:secure_integration_server:1.22:*:*:*:*:*:*:*
- cpe:2.3:a:softing:uagates:1.74:*:*:*:*:*:*:*
- cpe:2.3:a:softing:opc_ua_c\+\+_software_development_kit:6:*:*:*:*:*:*:*
- cpe:2.3:a:softing:edgeaggregator:3.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-2334
0.13%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 47 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2022-2334
-
Softing Secure Integration Server v1.22 Remote Code Execution
Disclosure Date: 2022-07-27First seen: 2024-07-20exploit/windows/http/softing_sis_rceThis module chains two vulnerabilities (CVE-2022-1373 and CVE-2022-2334) to achieve authenticated remote code execution against Softing Secure Integration Server v1.22. In CVE-2022-1373, the restore configuration feature is vulnerable to a directory traversal vulnerablity when
CVSS scores for CVE-2022-2334
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
1.2
|
5.9
|
ICS-CERT | |
7.2
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
1.2
|
5.9
|
NIST |
CWE ids for CVE-2022-2334
-
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.Assigned by: ics-cert@hq.dhs.gov (Primary)
References for CVE-2022-2334
-
https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04
Softing Secure Integration Server | CISAMitigation;Third Party Advisory;US Government Resource
-
https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html
Mitigation;Vendor Advisory
Jump to