A recently discovered security vulnerability, identified as CVE-2022-43990, affects the password recovery feature in SICK SIM1012 devices with part number 1098146 and firmware versions lower than 2.2.. This vulnerability could potentially enable an unprivileged remote attacker to elevate their privileges on the system and access confidential information, as well as manipulate the integrity and availability of the system's data and services. Due to the nature of this vulnerability, an attacker can achieve repeatable success in exploiting it. The recommended solution is to update the affected devices to firmware version 2.2. or higher, which is available on the SICK Support Portal.

Code Snippet

In devices affected by CVE-2022-43990, an unprivileged attacker can invoke the password recovery mechanism in the following way to elevate their privileges:

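def recover_password(device, user_level):
    # Invoke the password recovery mechanism for the chosen user level
    password = device.invoke_password_recovery(user_level)
    # Log in at that user level with the recovered password
    device.login(user_level, password)
    return password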

In this example, the attacker can use the recover_password function to call the password recovery mechanism and log in with the escalated privileges.

Original References

The vulnerability was initially reported by the security researchers who discovered it and has since been acknowledged and documented by the affected vendor, SICK AG. For more information on CVE-2022-43990, please refer to the following resources:

1. CVE-2022-43990 vulnerability report
2. SICK AG Security Advisory for CVE-2022-43990

Log in to the device with the RecoverableUserLevel and newly recovered password.

5. Perform unauthorized actions and access confidential data on the target device with elevated privileges.

Solution

SICK AG has released a firmware update to address the password recovery vulnerability in affected SICK SIM1012 devices. Users of vulnerable devices should visit the SICK Support Portal, download firmware version 2.2. or higher, and update their devices as soon as possible to mitigate the risk of this vulnerability.
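To find which devices still need the update, an asset inventory can be checked against the product, part number and firmware threshold given above. The following is an added example, not code from SICK or from the original page; the CSV column names and hostnames are constructed, and because the page gives the fixed release only as "2.2.", the comparison is made on major.minor as an assumption.

```python
import csv
import io
import re

# Product and part number as named in the advisory text above.
AFFECTED_PRODUCT = "SIM1012"
AFFECTED_PART_NUMBER = "1098146"
# Assumption: the page gives the fixed release only as "2.2.", so this
# example compares major.minor; adjust to the vendor advisory if needed.
FIXED_MAJOR_MINOR = (2, 2)

# Constructed sample inventory; hostnames and column names are hypothetical.
SAMPLE_INVENTORY = """hostname,product,part_number,firmware
sim-line1,SIM1012,1098146,2.1.0
sim-line2,SIM1012,1098146,2.2.0
sim-line3,SIM1012,1098146,V1.9.3
sim-line4,SIM1012,1098146,unknown
plc-07,OtherDevice,5550001,1.0.0
"""

_VERSION_RE = re.compile(r"(\d+)\.(\d+)")

def parse_major_minor(firmware):
    """Return (major, minor), or None when no version can be read."""
    match = _VERSION_RE.search(firmware or "")
    return (int(match.group(1)), int(match.group(2))) if match else None

def triage(inventory_csv):
    """Map hostname -> 'affected', 'patched' or 'unknown' for matching devices."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if (row["product"].strip().upper() != AFFECTED_PRODUCT
                or row["part_number"].strip() != AFFECTED_PART_NUMBER):
            continue  # not the product/part number named in the advisory
        version = parse_major_minor(row["firmware"])
        if version is None:
            # Unreadable firmware string: flag for manual review, not "patched".
            results[row["hostname"]] = "unknown"
        elif version < FIXED_MAJOR_MINOR:
            results[row["hostname"]] = "affected"
        else:
            results[row["hostname"]] = "patched"
    return results

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Devices reported as "unknown" should be checked by hand rather than assumed to be updated.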

In conclusion, CVE-2022-43990 is a critical password recovery vulnerability that affects SICK SIM1012 devices with part number 1098146 and firmware versions lower than 2.2.. The vulnerability can be exploited by an unprivileged remote attacker to elevate their privileges on the target system, thereby compromising its confidentiality, integrity, and availability. To safeguard against this threat, it is essential to update the affected devices to firmware version 2.2. or higher, available through the SICK Support Portal.

Timeline

Published on: 11/01/2022 21:15:00 UTC
Last modified on: 03/31/2023 16:12:00 UTC