CVE-2022-2337
Softing Secure Integration Server NULL Pointer Dereference
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A crafted HTTP packet with a missing HTTP URI can create a denial-of-service condition in Softing Secure Integration Server V1.22.
Un paquete HTTP diseñado con un URI HTTP faltante puede crear una condición de denegación de servicio en Softing Secure Integration Server versión V1.22.
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing Secure Integration Server. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the processing of the URI HTTP header. The issue results from dereferencing a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.
*Credits:
Pedro Ribeiro and Radek Domanski, working with Trend Micro Zero Day Initiative, reported these vulnerabilities to Softing and CISA.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-07-06 CVE Reserved
- 2022-08-17 CVE Published
- 2024-07-16 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-476: NULL Pointer Dereference
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04 | Mitigation |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-4.html | 2022-08-19 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Softing Search vendor "Softing" | Edgeaggregator Search vendor "Softing" for product "Edgeaggregator" | 3.1 Search vendor "Softing" for product "Edgeaggregator" and version "3.1" | - |
Affected
| ||||||
| Softing Search vendor "Softing" | Edgeconnector Search vendor "Softing" for product "Edgeconnector" | 3.1 Search vendor "Softing" for product "Edgeconnector" and version "3.1" | - |
Affected
| ||||||
| Softing Search vendor "Softing" | Opc Search vendor "Softing" for product "Opc" | 5.2 Search vendor "Softing" for product "Opc" and version "5.2" | - |
Affected
| ||||||
| Softing Search vendor "Softing" | Opc Ua C\+\+ Software Development Kit Search vendor "Softing" for product "Opc Ua C\+\+ Software Development Kit" | 6 Search vendor "Softing" for product "Opc Ua C\+\+ Software Development Kit" and version "6" | - |
Affected
| ||||||
| Softing Search vendor "Softing" | Secure Integration Server Search vendor "Softing" for product "Secure Integration Server" | 1.22 Search vendor "Softing" for product "Secure Integration Server" and version "1.22" | - |
Affected
| ||||||
| Softing Search vendor "Softing" | Uagates Search vendor "Softing" for product "Uagates" | 1.74 Search vendor "Softing" for product "Uagates" and version "1.74" | - |
Affected
| ||||||