Softing edgeConnector
Plan Patch | 8 | ICS-CERT ICSA-24-074-13 | Mar 14, 2024
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
Softing edgeConnector and edgeAggregator contain path traversal (CWE-22) and cleartext transmission (CWE-319) vulnerabilities that could allow remote code execution. The vulnerabilities are exploitable via adjacent network access with user interaction; no remote internet exploitation is possible.
What this means
What could happen
An attacker with access to your local network could execute arbitrary commands on the edgeConnector or edgeAggregator device, potentially allowing them to alter data collection, compromise sensor readings, or disrupt communication between your control systems and edge devices.
Who's at risk
Water and electric utilities, as well as any manufacturing or infrastructure operator using Softing edgeConnector or edgeAggregator for SCADA data aggregation and remote monitoring, should assess this risk. These products are commonly used as gateways between industrial sensors and central control systems.
How it could be exploited
An attacker on the same local network (e.g., via a compromised workstation or wireless access) could craft a malicious file or link that exploits the path traversal flaw. If a user interacts with it (opens a file, clicks a link), the attacker gains code execution on the edge device. The cleartext transmission vulnerability may allow credentials or sensitive data to be intercepted during normal operation.
Prerequisites
- Adjacent network access (same LAN or WiFi segment)
- User interaction required (user must click link, open file, or visit malicious web content)
- No credentials or special configuration needed
- No authentication required
- Low complexity exploit
- High CVSS (8.0)
- Affects data integrity and confidentiality
- No patch available for current versions
Exploitability
Moderate exploit probability (EPSS 6.5%)
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
edgeConnector: 3.60 | 3.60 | 3.70 or later
edgeAggregator: 3.60 | 3.60 | 3.70 or later
Remediation & Mitigation
Do now
- HARDENING: Restrict network access to edgeConnector and edgeAggregator devices using firewall rules; block unnecessary inbound connections and isolate these devices from business networks and the internet
- HARDENING: Segment edge devices behind firewalls separate from enterprise and wireless networks to limit adjacent network access
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update Softing edgeConnector to version 3.70 or later
- HOTFIX: Update Softing edgeAggregator to version 3.70 or later
- HARDENING: If remote access is required, implement a VPN and keep it updated to the latest version
CVEs (2)
API:
/api/v1/advisories/3a4f5613-ca36-4ff3-946c-39d69e8fcd0b