#VU82530 Permissions, Privileges, and Access Controls in Sielco products - CVE-2023-41966


Vulnerability identifier: #VU82530

Vulnerability risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-41966

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Analog FM transmitter EXC5000GX
Hardware solutions / Routers & switches, VoIP, GSM, etc
Analog FM transmitter EXC120GX
Hardware solutions / Routers & switches, VoIP, GSM, etc
Analog FM transmitter EXC300GX
Hardware solutions / Routers & switches, VoIP, GSM, etc
Analog FM transmitter EXC1600GX
Hardware solutions / Routers & switches, VoIP, GSM, etc
Analog FM transmitter EXC2000GX
Hardware solutions / Routers & switches, VoIP, GSM, etc
Analog FM transmitter EXC1000GX
Hardware solutions / Routers & switches, VoIP, GSM, etc
Analog FM transmitter EXC3000GX
Hardware solutions / Routers & switches, VoIP, GSM, etc
Analog FM transmitter EXC30GT
Hardware solutions / Routers & switches, VoIP, GSM, etc
Analog FM transmitter EXC300GT
Hardware solutions / Routers & switches, VoIP, GSM, etc
Analog FM transmitter EXC100GT
Hardware solutions / Routers & switches, VoIP, GSM, etc
Analog FM transmitter EXC5000GT
Hardware solutions / Routers & switches, VoIP, GSM, etc
Analog FM transmitter EXC1000GT
Hardware solutions / Routers & switches, VoIP, GSM, etc
Analog FM transmitter: EXC120GT
Hardware solutions / Routers & switches, VoIP, GSM, etc
Radio Link RTX19
Hardware solutions / Routers & switches, VoIP, GSM, etc
Radio Link EXC19
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor: Sielco

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions. A remote user can send a HTTP POST to set a parameter and gain elevated privileges.

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Analog FM transmitter EXC5000GX: 2.06 - 2.12

Analog FM transmitter EXC120GX: 2.12

Analog FM transmitter EXC300GX: 2.11

Analog FM transmitter EXC1600GX: 2.08 - 2.10

Analog FM transmitter EXC2000GX: 2.10

Analog FM transmitter EXC1000GX: 2.08

Analog FM transmitter EXC3000GX: 2.07

Analog FM transmitter EXC30GT: 1.7.7

Analog FM transmitter EXC300GT: 1.7.4

Analog FM transmitter EXC100GT: 1.7.4

Analog FM transmitter EXC5000GT: 1.7.4

Analog FM transmitter EXC1000GT: 1.6.3

Analog FM transmitter: EXC120GT: 1.5.4

Radio Link RTX19: 1.59 - 2.06

Radio Link EXC19: 1.55 - 2.00

External links
https://www.sielco.org/en/contacts
https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Sielco Radio Link and Analog FM Transmitters