Security Vulnerabilities - CVEs Published In August 2022
Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in-the-middle attack. The default the administration interface is accessible via plaintext HTTP protocol, facilitating the attack. The HTTP request may contain the session cookie in the request, which may be captured for use in authenticating to the server.
CVSS Score
5.7
EPSS Score
0.0
Published
2022-08-17
A crafted HTTP packet without a content-type header can create a denial-of-service condition in Softing Secure Integration Server V1.22.
CVSS Score
7.5
EPSS Score
0.014
Published
2022-08-17
An access control issue in Ecowitt GW1100 Series Weather Stations <=GW1100B_v2.1.5 allows unauthenticated attackers to access sensitive information including device and local WiFi passwords.
CVSS Score
9.1
EPSS Score
0.017
Published
2022-08-17
A cross-site scripting (XSS) vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node.
CVSS Score
6.1
EPSS Score
0.001
Published
2022-08-17
DoraCMS v2.18 and earlier allows attackers to bypass login authentication via a crafted HTTP request.
CVSS Score
9.8
EPSS Score
0.021
Published
2022-08-17
maccms10 v2021.1000.1081 to v2022.1000.3031 was discovered to contain a SQL injection vulnerability via the table parameter at database/columns.html.
CVSS Score
6.5
EPSS Score
0.003
Published
2022-08-17
This vulnerability is caused by the lack of validation of input values for specific functions if WISA Smart Wing CMS. Remote attackers can use this vulnerability to leak all files in the server without logging in system.
CVSS Score
8.1
EPSS Score
0.002
Published
2022-08-17
A crafted HTTP packet with a large content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22.
CVSS Score
7.5
EPSS Score
0.01
Published
2022-08-17
The “restore configuration” feature of Softing Secure Integration Server V1.22 is vulnerable to a directory traversal vulnerability when processing zip files. An attacker can craft a zip file to load an arbitrary dll and execute code. Using the "restore configuration" feature to upload a zip file containing a path traversal file may cause a file to be created and executed upon touching the disk.
CVSS Score
7.2
EPSS Score
0.469
Published
2022-08-17
Softing OPC UA C++ Server SDK, Secure Integration Server, edgeConnector, edgeAggregator, OPC Suite, and uaGate are affected by a NULL pointer dereference vulnerability.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-08-17