CVE-2023-39478 - Vulnerability Details

Link	Providers
https://www.zerodayinitiative.com/advisories/ZDI-23-1060/

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-39478", "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "state": "PUBLISHED", "assignerShortName": "zdi", "dateReserved": "2023-08-02T21:37:23.124Z", "datePublished": "2024-05-03T02:10:43.636Z", "dateUpdated": "2024-08-02T18:10:20.948Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi", "dateUpdated": "2024-05-03T02:10:43.636Z"}, "title": "Softing Secure Integration Server Exposure of Resource to Wrong Sphere Remote Code Execution Vulnerability", "descriptions": [{"lang": "en", "value": "Softing Secure Integration Server Exposure of Resource to Wrong Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the handling of OPC FileDirectory namespaces. The issue results from the lack of proper validation of user-supplied data before using it to create a server object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20547."}], "affected": [{"vendor": "Softing", "product": "Secure Integration Server", "versions": [{"version": "1.22.0.8686", "status": "affected"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-668", "description": "CWE-668: Exposure of Resource to Wrong Sphere", "type": "CWE"}]}], "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1060/", "name": "ZDI-23-1060", "tags": ["x_research-advisory"]}], "dateAssigned": "2023-08-02T16:44:31.515-05:00", "datePublic": "2023-08-09T13:04:28.415-05:00", "source": {"lang": "en", "value": "Claroty Research - Team82 - Uri Katz, Noam Moshe, Vera Mens, Sharon Brizinov"}, "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 6.6, "baseSeverity": "MEDIUM"}}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-39478", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-06T19:15:09.515950Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:softing:secure_integration_server:-:*:*:*:*:*:*:*"], "vendor": "softing", "product": "secure_integration_server", "versions": [{"status": "affected", "version": "1.22.0.8686"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:27:04.877Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:10:20.948Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1060/", "name": "ZDI-23-1060", "tags": ["x_research-advisory", "x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1060/", "name": "ZDI-23-1060", "tags": ["x_research-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:10:20.948Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-39478", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-06T19:15:09.515950Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:softing:secure_integration_server:-:*:*:*:*:*:*:*"], "vendor": "softing", "product": "secure_integration_server", "versions": [{"status": "affected", "version": "1.22.0.8686"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-06T19:14:18.614Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Softing Secure Integration Server Exposure of Resource to Wrong Sphere Remote Code Execution Vulnerability", "source": {"lang": "en", "value": "Claroty Research - Team82 - Uri Katz, Noam Moshe, Vera Mens, Sharon Brizinov"}, "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 6.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "Softing", "product": "Secure Integration Server", "versions": [{"status": "affected", "version": "1.22.0.8686"}], "defaultStatus": "unknown"}], "datePublic": "2023-08-09T13:04:28.415-05:00", "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1060/", "name": "ZDI-23-1060", "tags": ["x_research-advisory"]}], "dateAssigned": "2023-08-02T16:44:31.515-05:00", "descriptions": [{"lang": "en", "value": "Softing Secure Integration Server Exposure of Resource to Wrong Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the handling of OPC FileDirectory namespaces. The issue results from the lack of proper validation of user-supplied data before using it to create a server object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20547."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-668", "description": "CWE-668: Exposure of Resource to Wrong Sphere"}]}], "providerMetadata": {"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi", "dateUpdated": "2024-05-03T02:10:43.636Z"}}}, "cveMetadata": {"cveId": "CVE-2023-39478", "state": "PUBLISHED", "dateUpdated": "2024-08-02T18:10:20.948Z", "dateReserved": "2023-08-02T21:37:23.124Z", "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "datePublished": "2024-05-03T02:10:43.636Z", "assignerShortName": "zdi"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "Softing Secure Integration Server Exposure of Resource to Wrong Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the handling of OPC FileDirectory namespaces. The issue results from the lack of proper validation of user-supplied data before using it to create a server object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20547."}, {"lang": "es", "value": "Softing Secure Integration Server Exposici\u00f3n de recursos a una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de esfera incorrecta. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de Softing Secure Integration Server. Aunque se requiere autenticaci\u00f3n para aprovechar esta vulnerabilidad, se puede omitir el mecanismo de autenticaci\u00f3n existente. La falla espec\u00edfica existe en el manejo de espacios de nombres OPC FileDirectory. El problema se debe a la falta de validaci\u00f3n adecuada de los datos proporcionados por el usuario antes de usarlos para crear un objeto de servidor. Un atacante puede aprovechar esto junto con otras vulnerabilidades para ejecutar c\u00f3digo arbitrario en el contexto de la ra\u00edz. Era ZDI-CAN-20547."}], "id": "CVE-2023-39478", "lastModified": "2024-11-21T08:15:30.137", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.7, "impactScore": 5.9, "source": "[email protected]", "type": "Secondary"}]}, "published": "2024-05-03T03:15:14.113", "references": [{"source": "[email protected]", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1060/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1060/"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-668"}], "source": "[email protected]", "type": "Secondary"}]}

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object