CVE-2022-2334

{"id": "CVE-2022-2334", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2022-08-17T21:15:08.973", "references": [{"url": "https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html", "tags": ["Mitigation", "Vendor Advisory"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-427"}]}], "descriptions": [{"lang": "en", "value": "The application searches for a library dll that is not found. If an attacker can place a dll with this name, then the attacker can leverage it to execute arbitrary code on the targeted Softing Secure Integration Server V1.22."}, {"lang": "es", "value": "La aplicaci\u00f3n busca una biblioteca dll que no es encontrada. Si un atacante puede colocar una dll con este nombre, entonces el atacante puede aprovecharla para ejecutar c\u00f3digo arbitrario en Softing Secure Integration Server versi\u00f3n V1.22 objetivo."}], "lastModified": "2022-08-19T12:52:28.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:softing:edgeaggregator:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0E07A55-5FA0-402D-BB22-FA8D3D8C484D"}, {"criteria": "cpe:2.3:a:softing:edgeconnector:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62FE322E-A720-4E08-9058-3BAC295E720B"}, {"criteria": "cpe:2.3:a:softing:opc:5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9916828-8213-47D4-B294-8112B241F32C"}, {"criteria": "cpe:2.3:a:softing:opc_ua_c\\+\\+_software_development_kit:6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA185EBD-8048-4B1C-A476-4AE61831ACF7"}, {"criteria": "cpe:2.3:a:softing:secure_integration_server:1.22:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0BF8EC24-9C94-4C55-A496-5DD524B981C4"}, {"criteria": "cpe:2.3:a:softing:uagates:1.74:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2DD68DEC-1E1C-456F-8FC2-F3EF9A72B012"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}