ZDI-23-1061: (0Day) (Pwn2Own) Softing Secure Integration Server OPC UA Gateway Directory Creation Vulnerability
First published: Wed Aug 09 2023(Updated: )
This vulnerability allows remote attackers to create directories on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Softing Secure Integration Server |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of ZDI-23-1061?
ZDI-23-1061 has a high severity rating due to its ability to allow remote attackers to create directories on vulnerable installations.
How do I fix ZDI-23-1061?
To mitigate ZDI-23-1061, ensure that your installation of Softing Secure Integration Server is updated to the latest security patch that addresses this vulnerability.
Which software is affected by ZDI-23-1061?
ZDI-23-1061 affects the Softing Secure Integration Server.
Can ZDI-23-1061 be exploited without authentication?
Although ZDI-23-1061 requires authentication, the vulnerability allows the existing authentication mechanism to be bypassed.
What are the consequences of exploiting ZDI-23-1061?
Exploiting ZDI-23-1061 could lead to unauthorized directory creation, potentially compromising the integrity and security of the affected installation.
- collector/zdi-published
- alias/ZDI-CAN-20548
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-23-1061
- alias/CVE-2023-39479
- agent/software-canonical-lookup
- agent/references
- agent/severity
- agent/title
- agent/description
- agent/softwarecombine
- agent/event
- agent/tags
- agent/source
- vendor/softing
- canonical/softing secure integration server