{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T22:04:23.902","vulnerabilities":[{"cve":{"id":"CVE-2022-2338","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2022-08-17T21:15:09.270","lastModified":"2024-11-21T07:00:47.887","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in-the-middle attack. The default the administration interface is accessible via plaintext HTTP protocol, facilitating the attack. The HTTP request may contain the session cookie in the request, which may be captured for use in authenticating to the server."},{"lang":"es","value":"Softing Secure Integration Server versión V1.22, es vulnerable a una omisión de la autenticación por medio de un ataque de tipo \"machine-in-the-middle\". Por defecto, la interfaz de administración es accesible por medio del protocolo HTTP en texto plano, lo que facilita el ataque. La petición HTTP puede contener la cookie de sesión en la petición, que puede ser capturada para su uso en la autenticación al servidor."}],"metrics":{"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":3.6}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-319"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:softing:edgeaggregator:3.1:*:*:*:*:*:*:*","matchCriteriaId":"C0E07A55-5FA0-402D-BB22-FA8D3D8C484D"},{"vulnerable":true,"criteria":"cpe:2.3:a:softing:edgeconnector:3.1:*:*:*:*:*:*:*","matchCriteriaId":"62FE322E-A720-4E08-9058-3BAC295E720B"},{"vulnerable":true,"criteria":"cpe:2.3:a:softing:opc:5.2:*:*:*:*:*:*:*","matchCriteriaId":"A9916828-8213-47D4-B294-8112B241F32C"},{"vulnerable":true,"criteria":"cpe:2.3:a:softing:opc_ua_c\\+\\+_software_development_kit:6:*:*:*:*:*:*:*","matchCriteriaId":"BA185EBD-8048-4B1C-A476-4AE61831ACF7"},{"vulnerable":true,"criteria":"cpe:2.3:a:softing:secure_integration_server:1.22:*:*:*:*:*:*:*","matchCriteriaId":"0BF8EC24-9C94-4C55-A496-5DD524B981C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:softing:uagates:1.74:*:*:*:*:*:*:*","matchCriteriaId":"2DD68DEC-1E1C-456F-8FC2-F3EF9A72B012"}]}]}],"references":[{"url":"https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html","source":"ics-cert@hq.dhs.gov","tags":["Mitigation","Vendor Advisory"]},{"url":"https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04","source":"ics-cert@hq.dhs.gov","tags":["Mitigation","Third Party Advisory","US Government Resource"]},{"url":"https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]},{"url":"https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory","US Government Resource"]}]}}]}