CVE-2022-1373

HIGH

Softing Secure Integration Server v1.22 Remote Code Execution

Title source: metasploit

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-1373. PoCs published by Chris Anastasio (muffin) of Incite Team, Steven Seeley (mr_me) of Incite Team, including Metasploit module exploits/windows/http/softing_sis_rce.

AI-analyzed exploit summary This Metasploit module exploits CVE-2022-1373 and CVE-2022-2334 to achieve authenticated RCE on Softing Secure Integration Server v1.22 via directory traversal and DLL hijacking.

Description

The “restore configuration” feature of Softing Secure Integration Server V1.22 is vulnerable to a directory traversal vulnerability when processing zip files. An attacker can craft a zip file to load an arbitrary dll and execute code. Using the "restore configuration" feature to upload a zip file containing a path traversal file may cause a file to be created and executed upon touching the disk.

Exploits (1)

metasploit WORKING POC EXCELLENT

by Chris Anastasio (muffin) of Incite Team, Steven Seeley (mr_me) of Incite Team · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/softing_sis_rce.rb

View Code ZIP pw:eip

This Metasploit module exploits CVE-2022-1373 and CVE-2022-2334 to achieve authenticated RCE on Softing Secure Integration Server v1.22 via directory traversal and DLL hijacking.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: Softing Secure Integration Server v1.22

Auth required

Prerequisites: Valid credentials or signature for authentication · Network access to the target server

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Apr 24, 2026 Full analysis →

References (2)

Core 2

Core References

Mitigation, Third Party Advisory, US Government Resource x_refsource_confirm

https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04

Mitigation, Vendor Advisory x_refsource_confirm

https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html

Scores

CVSS v3 7.2

EPSS 0.6858

EPSS Percentile 98.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-22 CWE-23

Status published

Products (6)

softing/edgeaggregator 3.1

softing/edgeconnector 3.1

softing/opc 5.2

softing/opc_ua_c\+\+_software_development_kit 6

softing/secure_integration_server 1.22

softing/uagates 1.74

Published Aug 17, 2022

Tracked Since Feb 18, 2026