{ "document": { "category": "csaf_security_advisory", "csaf_version": "2.0", "publisher": { "category": "vendor", "name": "Softing Industrial Automation GmbH", "namespace": "https://industrial.softing.com", "contact_details": "Softing PSIRT - contact us at psirt@softing.com" }, "title": "Bypass of limitations and relative path transversal vulnerability in OPC UA C++ SDK and Secure Integration Server", "tracking": { "current_release_date": "2023-11-29T12:06:44.535Z", "id": "SYT-2023-2", "initial_release_date": "2023-05-06T07:00:00.000Z", "revision_history": [ { "date": "2023-06-05T07:00:00.000Z", "number": "1.0.0", "summary": "Initial version" }, { "number": "2.0.0", "date": "2023-11-29T12:06:44.535Z", "summary": "Fix for Secure Integration Server" } ], "status": "final", "version": "2.0.0", "generator": { "date": "2023-11-29T12:06:44.535Z", "engine": { "version": ".2.2.15", "name": "Secvisogram" } } }, "source_lang": "en-US", "aggregate_severity": { "text": "high" }, "notes": [ { "category": "legal_disclaimer", "text": "The information provided in this disclosure is provided \"as is\" without warranty of any kind.\nSofting disclaims all warranties, either express or implied, including the warranties of\nmerchantability and fitness for a particular purpose. In no event shall Softing or its suppliers be\nliable for any damages whatsoever including direct, indirect, incidental, consequential, loss of\nbusiness profits or special damages, even if Softing or its suppliers have been advised of the\npossibility of such damages.\nSome states do not allow the exclusion or limitation of liability for consequential or incidental\ndamages so the foregoing limitation may not apply.\n", "title": "Disclaimer" } ] }, "product_tree": { "branches": [ { "category": "product_version_range", "name": "Softing OPC UA C++ SDK <= 6.20", "product": { "product_id": "CSAFPID-0001", "name": "Softing OPC UA C++ SDK <= 6.20" } }, { "category": "product_version", "name": "Softing OPC UA C++ SDK V6.20.1", "product": { "product_id": "CSAFPID-0100", "name": "Softing OPC UA C++ SDK V6.20.1" } }, { "category": "product_version_range", "name": "Softing Secure Integration Server <= V1.22", "product": { "name": "Softing Secure Integration Server <= V1.22", "product_id": "CSAFPID-0002" } }, { "name": "Softing Secure Integration Server V1.30", "category": "product_version", "product": { "name": "Softing Secure Integration Server V1.30", "product_id": "CSAFPID-0102" } } ] }, "vulnerabilities": [ { "scores": [ { "products": [ "CSAFPID-0001", "CSAFPID-0002" ], "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L", "baseScore": 7.7, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "LOW", "temporalScore": 7.7, "temporalSeverity": "HIGH", "environmentalScore": 7.7, "environmentalSeverity": "HIGH" } } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002" ], "fixed": [ "CSAFPID-0100", "CSAFPID-0102" ] }, "notes": [ { "category": "summary", "text": "The OPC UA file object implementation allows to bypass the separation between OPC UA namespaces, limitations on assignment of directory path to FileDirectory OPC UA objects and limitations on assignment of the file path to File OPC UA objects.\nIn combination with CVE-2023-29378 the server gives read and write access to local files which could be used for remote code excecution." } ], "discovery_date": "2022-10-14T10:00:00.000Z", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" }, "cve": "CVE-2023-29377", "acknowledgments": [ { "organization": "Claroty Team82 working with Trend Micro Zero Day Initiative" } ] }, { "cve": "CVE-2023-29378", "acknowledgments": [ { "organization": "Claroty Team82 working with Trend Micro Zero Day Initiative" } ], "cwe": { "id": "CWE-23", "name": "Relative Path Traversal" }, "notes": [ { "category": "summary", "text": "The OPC UA FileDirectory and File object implementation does not check for relative path traversal. \nIn combination with CVE-2023-29377 the server gives read and write access to local files which could be used for remote code excecution." } ], "product_status": { "fixed": [ "CSAFPID-0100", "CSAFPID-0102" ], "known_affected": [ "CSAFPID-0001", "CSAFPID-0002" ] }, "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L", "baseScore": 7.7, "baseSeverity": "HIGH", "temporalScore": 7.7, "temporalSeverity": "HIGH", "environmentalScore": 7.7, "environmentalSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "LOW" }, "products": [ "CSAFPID-0001", "CSAFPID-0002" ] } ] } ] }