CVE-2022-2336
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with the default administrator credentials as admin and password as admin. This allows Softing to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the admin password. There is no warning or prompt to ask the user to change the default password, and to change the password, many steps are required.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Softing | Secure Integration Server | V1.22 | affected |
| Softing | edgeConnector Siemens | V3.10 | affected |
| Softing | edgeConnector 840D | V3.10 | affected |
| Softing | edgeConnector Modbus | V3.10 | affected |
| Softing | edgeAggregator | V3.10 | affected |
Weaknesses
- CWE-287: CWE-287: Improper Authentication
ADP Enrichment
CVE Program Container
Additional References
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04
- https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-6.html
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04
- https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-6.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.