Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-2336

Опубликовано: 17 авг. 2022
Источник: nvd
CVSS3: 9.8
EPSS Низкий

Описание

Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with the default administrator credentials as admin and password as admin. This allows Softing to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the admin password. There is no warning or prompt to ask the user to change the default password, and to change the password, many steps are required.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:softing:edgeaggregator:3.1:*:*:*:*:*:*:*
cpe:2.3:a:softing:edgeconnector:3.1:*:*:*:*:*:*:*
cpe:2.3:a:softing:opc:5.2:*:*:*:*:*:*:*
cpe:2.3:a:softing:opc_ua_c\+\+_software_development_kit:6:*:*:*:*:*:*:*
cpe:2.3:a:softing:secure_integration_server:1.22:*:*:*:*:*:*:*
cpe:2.3:a:softing:uagates:1.74:*:*:*:*:*:*:*

EPSS

Процентиль: 47%
0.00239
Низкий

9.8 Critical

CVSS3

Дефекты

CWE-287

Связанные уязвимости

github логотип

GHSA-rvxf-x8j2-f3x9

CVSS3: 9.8
github
больше 3 лет назад

Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with the default administrator credentials as `admin` and password as `admin`. This allows Softing to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the `admin` password. There is no warning or prompt to ask the user to change the default password, and to change the password, many steps are required.

EPSS

Процентиль: 47%
0.00239
Низкий

9.8 Critical

CVSS3

Дефекты

CWE-287