← volver
CVE-2022-1373

Softing Secure Integration Server Relative Path Traversal

CVSS 7.2 HIGHEPSS 10.2%CWE-23
The “restore configuration” feature of Softing Secure Integration Server V1.22 is vulnerable to a directory traversal vulnerability when processing zip files. An attacker can craft a zip file to load an arbitrary dll and execute code. Using the "restore configuration" feature to upload a zip file containing a path traversal file may cause a file to be created and executed upon touching the disk.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Productos afectados
Softing · Secure Integration Server

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.htmlhttps://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04