CVE: CVE-2022-2336

Export to Word

Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with the default administrator credentials as `admin` and password as `admin`. This allows Softing to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the `admin` password. There is no warning or prompt to ask the user to change the default password, and to change the password, many steps are required.

Threat-Mapped Scoring

Score: 3.0

Priority: P2 - Serious (High)

S1 – Steal Customer Account Information

EPSS

Score: 0.00229
Percentile: 0.45745

CVSS Scoring

CVSS v3.1 Score: 9.8

Severity: CRITICAL

Mapped CWE(s)

CWE-287 : Improper Authentication

All CAPEC(s)

CAPEC-114: Authentication Abuse
CAPEC-115: Authentication Bypass
CAPEC-151: Identity Spoofing
CAPEC-194: Fake the Source of Data
CAPEC-22: Exploiting Trust in Client
CAPEC-57: Utilizing REST's Trust in the System Resource to Obtain Sensitive Data
CAPEC-593: Session Hijacking
CAPEC-633: Token Impersonation
CAPEC-650: Upload a Web Shell to a Web Server
CAPEC-94: Adversary in the Middle (AiTM)

CAPEC(s) with Mapped TTPs

CAPEC-114: Authentication Abuse
Mapped TTPs:
- T1548 : Abuse Elevation Control Mechanism
CAPEC-115: Authentication Bypass
Mapped TTPs:
- T1548 : Abuse Elevation Control Mechanism
CAPEC-57: Utilizing REST's Trust in the System Resource to Obtain Sensitive Data
Mapped TTPs:
- T1040 : Network Sniffing
CAPEC-593: Session Hijacking
Mapped TTPs:
- T1185 : Browser Session Hijacking
- T1550.001 : Application Access Token
- T1563 : Remote Service Session Hijacking
CAPEC-633: Token Impersonation
Mapped TTPs:
- T1134 : Access Token Manipulation
CAPEC-650: Upload a Web Shell to a Web Server
Mapped TTPs:
- T1505.003 : Web Shell
CAPEC-94: Adversary in the Middle (AiTM)
Mapped TTPs:
- T1557 : Adversary-in-the-Middle

Mapped ATT&CK TTPs

T1548 : Abuse Elevation Control Mechanism
Kill Chain: privilege-escalation
T1548 : Abuse Elevation Control Mechanism
Kill Chain: privilege-escalation
T1040 : Network Sniffing
Kill Chain: credential-access
T1185 : Browser Session Hijacking
Kill Chain: collection
T1550.001 : Application Access Token
Kill Chain: defense-evasion
T1563 : Remote Service Session Hijacking
Kill Chain: lateral-movement
T1134 : Access Token Manipulation
Kill Chain: defense-evasion
T1505.003 : Web Shell
Kill Chain: persistence
T1557 : Adversary-in-the-Middle
Kill Chain: credential-access

Malware

APTs Threat Group Associations

Campaigns

Operation Wocao
APT41 DUST
ArcaneDoor
SolarWinds Compromise
Operation CuckooBees
2015 Ukraine Electric Power Attack
Versa Director Zero Day Exploitation
Leviathan Australian Intrusions
C0032
HomeLand Justice
C0017
Cutting Edge
2022 Ukraine Electric Power Attack
FrostyGoop Incident

Affected Products

cpe:2.3:a:softing:edgeaggregator:3.1:*:*:*:*:*:*:*
cpe:2.3:a:softing:edgeconnector:3.1:*:*:*:*:*:*:*
cpe:2.3:a:softing:opc:5.2:*:*:*:*:*:*:*
cpe:2.3:a:softing:opc_ua_c\+\+_software_development_kit:6:*:*:*:*:*:*:*
cpe:2.3:a:softing:secure_integration_server:1.22:*:*:*:*:*:*:*
cpe:2.3:a:softing:uagates:1.74:*:*:*:*:*:*:*

← Back to Home