CVE-2022-1373— Softing Secure Integration Server Relative Path Traversal
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-1373
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Softing Secure Integration Server Relative Path Traversal
Source: NVD (National Vulnerability Database)
Vulnerability Description
The “restore configuration” feature of Softing Secure Integration Server V1.22 is vulnerable to a directory traversal vulnerability when processing zip files. An attacker can craft a zip file to load an arbitrary dll and execute code. Using the "restore configuration" feature to upload a zip file containing a path traversal file may cause a file to be created and executed upon touching the disk.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
相对路径遍历
Source: NVD (National Vulnerability Database)
Vulnerability Title
Softing Secure Integration Server 路径遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Softing Secure Integration Server是德国Softing公司的一款安全集成服务器。提供强大的 OPC UA 数据集成层并支持接口抽象、聚合、数据预处理和安全监督。 Softing Secure Integration Server V1.22版本存在路径遍历漏洞,该漏洞源于在restore configuration功能在处理 zip 文件时容易受到目录遍历漏洞的影响,攻击者利用该漏洞可以制作一个 zip 文件来加载任意 dll 并执行代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Softing | Secure Integration Server | V1.22 | - |
II. Public POCs for CVE-2022-1373
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-1373
请登录查看更多情报信息。
- https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.htmlx_refsource_CONFIRM
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2022-1373
Same Patch Batch · Softing · 2022-08-17 · 9 CVEs total
| CVE-2022-2336 | 9.8 CRITICAL | Softing Secure Integration Server Improper Authentication |
| CVE-2022-1069 | 7.5 HIGH | Softing Secure Integration Server Out-of-bounds Read |
| CVE-2022-1748 | 7.5 HIGH | Softing Secure Integration Server NULL Pointer Dereference |
| CVE-2022-2335 | 7.5 HIGH | Softing Secure Integration Server Integer Underflow |
| CVE-2022-2337 | 7.5 HIGH | Softing Secure Integration Server NULL Pointer Dereference |
| CVE-2022-2547 | 7.5 HIGH | Softing Secure Integration Server NULL Pointer Dereference |
| CVE-2022-2334 | 7.2 HIGH | Softing Secure Integration Server Uncontrolled Search Path Element |
| CVE-2022-2338 | 5.7 MEDIUM | Softing Secure Integration Server Cleartext Transmission of Sensitive Information |
IV. Related Vulnerabilities
Same product: Secure Integration Server
- CVE-2023-39482
Softing Secure Integration Server Hardcoded Cryptographic Ke - CVE-2023-39481
Softing Secure Integration Server Interpretation Conflict Re - CVE-2023-39480
Softing Secure Integration Server FileDirectory OPC UA Objec - CVE-2023-39478
Softing Secure Integration Server Exposure of Resource to Wr - CVE-2023-39479
Softing Secure Integration Server OPC UA Gateway Directory C
Same vendor: Softing
- CVE-2023-7339
Data collection for dowloading leads into buffer overflow - CVE-2024-14028
Multiple implicit reads in parallel can result in a crash or - CVE-2025-13406
Scanning for higher HART revision device leads into NULL poi - CVE-2025-10461
Global file reads caused by improper URL checks in webserver - CVE-2025-10685
HTTP POST with specific higher content length leads into hea
Same weakness: CWE-23
- CVE-2026-8209
Gibbon<30.0.01路径遍历漏洞导致拒绝服务 - CVE-2026-43533
OpenClaw < 2026.4.10 - Arbitrary Local File Read via QQBot M - CVE-2026-43616
Detect-It-Easy < 3.21 Path Traversal Arbitrary File Write - CVE-2026-42085
OpenC3 COSMOS: Arbitrary write to plugins directory via path - CVE-2026-22070
ColorOS Assistant Path Traversal Vulnerability
V. Comments for CVE-2022-1373
No comments yet