ICSA-22-228-04 · Published 2022-08-16
Softing Secure Integration Server
CVSS 9.8 (CRITICAL)
Risk Summary
Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition.
CVEs (9)
Remediations
- Softing Secure Integration Server: V1.30
- The latest software packages can be downloaded from the Softing website.
- Change the admin password or create a new user with administrative rights and delete the default admin user.
- Configure the Windows firewall to block network requests to IP port 9000.
- Disable the HTTP server in the NGINX configuration of the Softing Secure Integration Server and use only the HTTPS server.
- For more details on these vulnerabilities and mitigations, users should see SYT-2022-7, SYT-2022-6, SYT-2022-5, and SYT-2022-4 on the Softing security website.
Affected Vendors
Softing
Affected Products (6)
- Softing edgeAggregator: 3.1
- Softing edgeConnector: 3.1
- Softing OPC Suite: 5.2
- Softing OPC UA C++ Server SDK: 6
- Softing Secure Integration Server: <= 1.22
- Softing uaGate: 1.74
Affected Sectors
Multiple sectors