MidnightBSD

Advisories for sielco

CVE-2023-0897

Sielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being vulnerable to a brute force attack, lack of SSL, and the session being visible in requests.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
sielco polyeco300_firmware 10.19
sielco polyeco500_firmware 1.7.0
sielco polyeco500_firmware 10.16
sielco polyeco1000_firmware 2.0.6
sielco polyeco300_firmware 2.0.2
sielco polyeco1000_firmware 1.9.3
sielco polyeco1000_firmware 1.9.4
sielco polyeco1000_firmware 10.19
sielco polyeco300_firmware 2.0.0
CVE-2023-41966

The application suffers from a privilege escalation vulnerability. A user with read permissions can elevate privileges by sending a HTTP POST to set a parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
ics-cert@hq.dhs.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

Products Affected

Vendor Product Version
sielco analog_fm_transmitter_exc300gx_firmware -
sielco analog_fm_transmitter_exc2000gx_firmware -
sielco analog_fm_transmitter_exc120gx_firmware -
sielco analog_fm_transmitter_exc5000gx_firmware -
sielco analog_fm_transmitter_exc100gt_firmware -
sielco radio_link_rtx19_firmware -
sielco analog_fm_transmitter_exc1600gx_firmware -
sielco analog_fm_transmitter_exc120gt_firmware -
sielco analog_fm_transmitter_exc1000gt_firmware -
sielco radio_link_exc19_firmware -
sielco analog_fm_transmitter_exc1000gx_firmware -
sielco analog_fm_transmitter_exc5000gt_firmware -
sielco analog_fm_transmitter_exc30gt_firmware -
sielco analog_fm_transmitter_exc3000gx_firmware -
sielco analog_fm_transmitter_exc300gt_firmware -
CVE-2023-42769

The cookie session ID is of insufficient length and can be exploited by brute force, which may allow a remote attacker to obtain a valid session, bypass authentication, and manipulate the transmitter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
ics-cert@hq.dhs.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
sielco analog_fm_transmitter_exc300gx_firmware -
sielco analog_fm_transmitter_exc2000gx_firmware -
sielco analog_fm_transmitter_exc120gx_firmware -
sielco analog_fm_transmitter_exc5000gx_firmware -
sielco analog_fm_transmitter_exc100gt_firmware -
sielco radio_link_rtx19_firmware -
sielco analog_fm_transmitter_exc1600gx_firmware -
sielco analog_fm_transmitter_exc120gt_firmware -
sielco analog_fm_transmitter_exc1000gt_firmware -
sielco radio_link_exc19_firmware -
sielco analog_fm_transmitter_exc1000gx_firmware -
sielco analog_fm_transmitter_exc5000gt_firmware -
sielco analog_fm_transmitter_exc30gt_firmware -
sielco analog_fm_transmitter_exc3000gx_firmware -
sielco analog_fm_transmitter_exc300gt_firmware -
CVE-2023-45228

The application suffers from improper access control when editing users. A user with read permissions can manipulate users, passwords, and permissions by sending a single HTTP POST request with modified parameters.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6
ics-cert@hq.dhs.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

Products Affected

Vendor Product Version
sielco analog_fm_transmitter_exc300gx_firmware -
sielco analog_fm_transmitter_exc2000gx_firmware -
sielco analog_fm_transmitter_exc120gx_firmware -
sielco analog_fm_transmitter_exc5000gx_firmware -
sielco analog_fm_transmitter_exc100gt_firmware -
sielco radio_link_rtx19_firmware -
sielco analog_fm_transmitter_exc1600gx_firmware -
sielco analog_fm_transmitter_exc120gt_firmware -
sielco analog_fm_transmitter_exc1000gt_firmware -
sielco radio_link_exc19_firmware -
sielco analog_fm_transmitter_exc1000gx_firmware -
sielco analog_fm_transmitter_exc5000gt_firmware -
sielco analog_fm_transmitter_exc30gt_firmware -
sielco analog_fm_transmitter_exc3000gx_firmware -
sielco analog_fm_transmitter_exc300gt_firmware -
CVE-2023-45317

The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
sielco analog_fm_transmitter_exc300gx_firmware -
sielco analog_fm_transmitter_exc2000gx_firmware -
sielco analog_fm_transmitter_exc120gx_firmware -
sielco analog_fm_transmitter_exc5000gx_firmware -
sielco analog_fm_transmitter_exc100gt_firmware -
sielco radio_link_rtx19_firmware -
sielco analog_fm_transmitter_exc1600gx_firmware -
sielco analog_fm_transmitter_exc120gt_firmware -
sielco analog_fm_transmitter_exc1000gt_firmware -
sielco radio_link_exc19_firmware -
sielco analog_fm_transmitter_exc1000gx_firmware -
sielco analog_fm_transmitter_exc5000gt_firmware -
sielco analog_fm_transmitter_exc30gt_firmware -
sielco analog_fm_transmitter_exc3000gx_firmware -
sielco analog_fm_transmitter_exc300gt_firmware -
CVE-2023-46661

Sielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying passwords in POST requests.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
ics-cert@hq.dhs.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
sielco polyeco300_firmware 10.19
sielco polyeco500_firmware 1.7.0
sielco polyeco500_firmware 10.16
sielco polyeco1000_firmware 2.0.6
sielco polyeco300_firmware 2.0.2
sielco polyeco1000_firmware 1.9.3
sielco polyeco1000_firmware 1.9.4
sielco polyeco1000_firmware 10.19
sielco polyeco300_firmware 2.0.0
CVE-2023-46662

Sielco PolyEco1000 is vulnerable to an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
sielco polyeco300_firmware 10.19
sielco polyeco500_firmware 1.7.0
sielco polyeco500_firmware 10.16
sielco polyeco1000_firmware 2.0.6
sielco polyeco300_firmware 2.0.2
sielco polyeco1000_firmware 1.9.3
sielco polyeco1000_firmware 1.9.4
sielco polyeco1000_firmware 10.19
sielco polyeco300_firmware 2.0.0
CVE-2023-46663

Sielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 2.8 5.2

Products Affected

Vendor Product Version
sielco polyeco300_firmware 10.19
sielco polyeco500_firmware 1.7.0
sielco polyeco500_firmware 10.16
sielco polyeco1000_firmware 2.0.6
sielco polyeco300_firmware 2.0.2
sielco polyeco1000_firmware 1.9.3
sielco polyeco1000_firmware 1.9.4
sielco polyeco1000_firmware 10.19
sielco polyeco300_firmware 2.0.0
CVE-2023-46664

Sielco PolyEco1000 is vulnerable to an improper access control vulnerability when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources behind protected pages.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

Products Affected

Vendor Product Version
sielco polyeco300_firmware 10.19
sielco polyeco500_firmware 1.7.0
sielco polyeco500_firmware 10.16
sielco polyeco1000_firmware 2.0.6
sielco polyeco300_firmware 2.0.2
sielco polyeco1000_firmware 1.9.3
sielco polyeco1000_firmware 1.9.4
sielco polyeco1000_firmware 10.19
sielco polyeco300_firmware 2.0.0
CVE-2023-46665

Sielco PolyEco1000 is vulnerable to an authentication bypass vulnerability due to an attacker modifying passwords in a POST request and gain unauthorized access to the affected device with administrative privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
sielco polyeco300_firmware 10.19
sielco polyeco500_firmware 1.7.0
sielco polyeco500_firmware 10.16
sielco polyeco1000_firmware 2.0.6
sielco polyeco300_firmware 2.0.2
sielco polyeco1000_firmware 1.9.3
sielco polyeco1000_firmware 1.9.4
sielco polyeco1000_firmware 10.19
sielco polyeco300_firmware 2.0.0
CVE-2023-5754

Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
ics-cert@hq.dhs.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

Products Affected

Vendor Product Version
sielco polyeco300_firmware 10.19
sielco polyeco500_firmware 1.7.0
sielco polyeco500_firmware 10.16
sielco polyeco1000_firmware 2.0.6
sielco polyeco300_firmware 2.0.2
sielco polyeco1000_firmware 1.9.3
sielco polyeco1000_firmware 1.9.4
sielco polyeco1000_firmware 10.19
sielco polyeco300_firmware 2.0.0