CVE-2022-2336

Softing Secure Integration Server Improper Authentication

CVSS 9.8 CRITICALEPSS 0.9%CWE-287

Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with the default administrator credentials as `admin` and password as `admin`. This allows Softing to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the `admin` password. There is no warning or prompt to ask the user to change the default password, and to change the password, many steps are required.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Productos afectados

Softing · edgeAggregator Softing · edgeConnector 840D Softing · edgeConnector Modbus Softing · edgeConnector Siemens Softing · Secure Integration Server

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-6.html https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04