Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Softing Secure Integration Server Relative Path Traversal
Vulnerability Description
The “restore configuration” feature of Softing Secure Integration Server V1.22 is vulnerable to a directory traversal vulnerability when processing zip files. An attacker can craft a zip file to load an arbitrary dll and execute code. Using the "restore configuration" feature to upload a zip file containing a path traversal file may cause a file to be created and executed upon touching the disk.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
相对路径遍历
Vulnerability Title
Softing Secure Integration Server 路径遍历漏洞
Vulnerability Description
Softing Secure Integration Server是德国Softing公司的一款安全集成服务器。提供强大的 OPC UA 数据集成层并支持接口抽象、聚合、数据预处理和安全监督。 Softing Secure Integration Server V1.22版本存在路径遍历漏洞,该漏洞源于在restore configuration功能在处理 zip 文件时容易受到目录遍历漏洞的影响,攻击者利用该漏洞可以制作一个 zip 文件来加载任意 dll 并执行代码。
CVSS Information
N/A
Vulnerability Type
N/A