CVE-2022-2334

HIGH

Softing Secure Integration Server V1.22 - RCE

Title source: llm

Description

The application searches for a library dll that is not found. If an attacker can place a dll with this name, then the attacker can leverage it to execute arbitrary code on the targeted Softing Secure Integration Server V1.22.

Exploits (1)

metasploit WORKING POC EXCELLENT

by Chris Anastasio (muffin) of Incite Team, Steven Seeley (mr_me) of Incite Team · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/softing_sis_rce.rb

View Code ZIP pw:eip

References (2)

[Mitigation, Vendor Advisory] https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html

[Mitigation, Third Party Advisory, US Government Resource] https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04

Scores

CVSS v3 7.2

EPSS 0.6241

EPSS Percentile 98.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (6)

softing/edgeaggregator

softing/edgeconnector

softing/opc

softing/opc_ua_c\+\+_software_development_kit

softing/secure_integration_server

softing/uagates

Timeline

Published Aug 17, 2022

Tracked Since Feb 18, 2026