← Advisories

Sielco Radio Link 2.06 'id' Cookie Brute Force Session Hijacking

High
Advisory ID
ZSL-2023-5762
Release Date
30 March 2023
Vendor
Sielco S.r.l - https://www.sielco.org
Affected Version
2.06 (RTX19), 2.05 (RTX19), 2.00 (EXC19), 1.60 (RTX19), 1.59 (RTX19), 1.55 (EXC19)
CVE
CVE-2023-42769
Tested On
lwIP/2.1.1, Web/2.9.3
Summary

Sielco develops and produces radio links for all transmission and reception needs, thanks to innovative units and excellent performances, accompanied by a high reliability and low consumption.

Description

The Cookie session ID 'id' is of an insufficient length and can be exploited by brute force, which may allow a remote attacker to obtain a valid session, bypass authentication and manipulate the transmitter.

Proof of Concept
sielco_rl_sess.txtTXT
Disclosure Timeline
26.01.2023Vulnerability discovered.
27.01.2023Contact with the vendor and CSIRT Italia.
29.03.2023No response from the vendor.
29.03.2023No response from the CSIRT team.
30.03.2023Public security advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
[1]https://packetstormsecurity.com/files/171844/Sielco-Radio-Link-2.06-Cookie-Brute-Force.html
[2]https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08
[3]https://nvd.nist.gov/vuln/detail/CVE-2023-42769
[4]https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42769
[5]https://exchange.xforce.ibmcloud.com/vulnerabilities/253073
[6]https://exchange.xforce.ibmcloud.com/vulnerabilities/269706
Changelog
30.03.2023Initial release
03.11.2023Added reference [1], [2], [3], [4], [5] and [6]