CVE-2022-2334

HIGH

Softing Secure Integration Server V1.22 - RCE

Title source: llm

Description

The application searches for a library dll that is not found. If an attacker can place a dll with this name, then the attacker can leverage it to execute arbitrary code on the targeted Softing Secure Integration Server V1.22.

Exploits (1)

metasploit WORKING POC EXCELLENT

by Chris Anastasio (muffin) of Incite Team, Steven Seeley (mr_me) of Incite Team · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/softing_sis_rce.rb

View Code ZIP pw:eip

References (2)

[Mitigation, Third Party Advisory, US Government Resource] https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04

[Mitigation, Vendor Advisory] https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html

Scores

CVSS v3 7.2

EPSS 0.6241

EPSS Percentile 98.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-427

Status published

Products (6)

softing/edgeaggregator 3.1

softing/edgeconnector 3.1

softing/opc 5.2

softing/opc_ua_c\+\+_software_development_kit 6

softing/secure_integration_server 1.22

softing/uagates 1.74

Published Aug 17, 2022

Tracked Since Feb 18, 2026