CVE-2022-2336— Softing Secure Integration Server Improper Authentication
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-2336
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Softing Secure Integration Server Improper Authentication
Source: NVD (National Vulnerability Database)
Vulnerability Description
Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with the default administrator credentials as `admin` and password as `admin`. This allows Softing to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the `admin` password. There is no warning or prompt to ask the user to change the default password, and to change the password, many steps are required.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
认证机制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Softing Secure Integration Server 授权问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Softing Secure Integration Server是德国Softing公司的一款安全集成服务器。提供强大的 OPC UA 数据集成层并支持接口抽象、聚合、数据预处理和安全监督。 Softing Secure Integration Server 存在授权问题漏洞,该漏洞源于受影响的产品容易受到过度的身份验证尝试,例如密码喷射或撞库攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Softing | Secure Integration Server | V1.22 | - | |
| Softing | edgeConnector Siemens | V3.10 | - | |
| Softing | edgeConnector 840D | V3.10 | - | |
| Softing | edgeConnector Modbus | V3.10 | - | |
| Softing | edgeAggregator | V3.10 | - |
II. Public POCs for CVE-2022-2336
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-2336
请登录查看更多情报信息。
- https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-6.htmlx_refsource_CONFIRM
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2022-2336
Same Patch Batch · Softing · 2022-08-17 · 9 CVEs total
| CVE-2022-1069 | 7.5 HIGH | Softing Secure Integration Server Out-of-bounds Read |
| CVE-2022-1748 | 7.5 HIGH | Softing Secure Integration Server NULL Pointer Dereference |
| CVE-2022-2335 | 7.5 HIGH | Softing Secure Integration Server Integer Underflow |
| CVE-2022-2337 | 7.5 HIGH | Softing Secure Integration Server NULL Pointer Dereference |
| CVE-2022-2547 | 7.5 HIGH | Softing Secure Integration Server NULL Pointer Dereference |
| CVE-2022-1373 | 7.2 HIGH | Softing Secure Integration Server Relative Path Traversal |
| CVE-2022-2334 | 7.2 HIGH | Softing Secure Integration Server Uncontrolled Search Path Element |
| CVE-2022-2338 | 5.7 MEDIUM | Softing Secure Integration Server Cleartext Transmission of Sensitive Information |
IV. Related Vulnerabilities
Same product: Secure Integration Server
- CVE-2023-39482
Softing Secure Integration Server Hardcoded Cryptographic Ke - CVE-2023-39481
Softing Secure Integration Server Interpretation Conflict Re - CVE-2023-39480
Softing Secure Integration Server FileDirectory OPC UA Objec - CVE-2023-39478
Softing Secure Integration Server Exposure of Resource to Wr - CVE-2023-39479
Softing Secure Integration Server OPC UA Gateway Directory C
Same vendor: Softing
- CVE-2023-7339
Data collection for dowloading leads into buffer overflow - CVE-2024-14028
Multiple implicit reads in parallel can result in a crash or - CVE-2025-13406
Scanning for higher HART revision device leads into NULL poi - CVE-2025-10461
Global file reads caused by improper URL checks in webserver - CVE-2025-10685
HTTP POST with specific higher content length leads into hea
Same weakness: CWE-287
- CVE-2026-8244
Industrial Application Software IAS Canias ERP Login RMI imp - CVE-2026-8216
Industrial Application Software IAS Canias ERP Java RMI Sess - CVE-2026-8214
Industrial Application Software IAS Canias ERP RMI doAction - CVE-2026-42560
auth: Patreon provider assigns the same local user ID to eve - CVE-2026-41070
openvpn-auth-oauth2 returns FUNC_SUCCESS on client-deny, all
V. Comments for CVE-2022-2336
No comments yet