← Advisories

Sielco Radio Link 2.06 Improper Access Control Change Admin Password

High
Advisory ID
ZSL-2023-5760
Release Date
30 March 2023
Vendor
Sielco S.r.l - https://www.sielco.org
Affected Version
2.06 (RTX19), 2.05 (RTX19), 2.00 (EXC19), 1.60 (RTX19), 1.59 (RTX19), 1.55 (EXC19)
CVE
CVE-2023-45228
Tested On
lwIP/2.1.1, Web/2.9.3
Summary

Sielco develops and produces radio links for all transmission and reception needs, thanks to innovative units and excellent performances, accompanied by a high reliability and low consumption.

Description

The application suffers from improper access control when editing users. A user with Read permissions can manipulate users, passwords and permissions by sending a single HTTP POST request with modified parameters and edit other users' names, passwords and permissions including admin password.

Proof of Concept
sielco_rl_iac.htmlTXT
Disclosure Timeline
26.01.2023Vulnerability discovered.
27.01.2023Contact with the vendor and CSIRT Italia.
29.03.2023No response from the vendor.
29.03.2023No response from the CSIRT team.
30.03.2023Public security advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
[1]https://packetstormsecurity.com/files/171847/
[2]https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08
[3]https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45228
[4]https://nvd.nist.gov/vuln/detail/CVE-2023-45228
[5]https://exchange.xforce.ibmcloud.com/vulnerabilities/253070
[6]https://exchange.xforce.ibmcloud.com/vulnerabilities/269708
Changelog
30.03.2023Initial release
03.11.2023Added reference [1], [2], [3], [4], [5] and [6]