CVE-2022-1373 Information

Description

The “restore configuration” feature of Softing Secure Integration Server V1.22 is vulnerable to a directory traversal vulnerability when processing zip files. An attacker can craft a zip file to load an arbitrary dll and execute code. Using the estore configuration\ feature to upload a zip file containing a path traversal file may cause a file to be created and executed upon touching the disk.

Reference

https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04 https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html