CVE-2022-2337
published 2022-08-17CVE-2022-2337: A crafted HTTP packet with a missing HTTP URI can create a denial-of-service condition in Softing Secure Integration Server V1.22.
PriorityP337high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
1.30%
66.8th percentile
A crafted HTTP packet with a missing HTTP URI can create a denial-of-service condition in Softing Secure Integration Server V1.22.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| softing | edgeaggregator | — | — |
| softing | edgeconnector | — | — |
| softing | opc | — | — |
| softing | opc_ua_c_+_+_software_development_kit | — | — |
| softing | secure_integration_server | — | — |
| softing | secure_integration_server | — | — |
| softing | uagates | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Softing Secure Integration Server
cisa_ics·2022-09-26·CVSS 7.5
[HIGH] Softing Secure Integration Server
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Softing Secure Integration Server
Last RevisedSeptember 26, 2022
Alert CodeICSA-22-228-04
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.5
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Softing
- Equipment: Secure Integration Server
- Vulnerabilities: Out-of-bounds Read, Uncontrolled Search Path Element, Improper Authentication, Relative Path Traversal, Cleartext Transmission of Sensitive Information, NULL Pointer Dereference, Integer Underflow.
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-servi
GHSA
GHSA-xrgh-xg67-h68q: A crafted HTTP packet with a missing HTTP URI can create a denial-of-service condition in Softing Secure Integration Server V1
ghsa_unreviewed·2022-08-18
CVE-2022-2337 [HIGH] CWE-476 GHSA-xrgh-xg67-h68q: A crafted HTTP packet with a missing HTTP URI can create a denial-of-service condition in Softing Secure Integration Server V1
A crafted HTTP packet with a missing HTTP URI can create a denial-of-service condition in Softing Secure Integration Server V1.22.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-08-17
Published