VDE-2023-011

Vulnerability from csaf_frauschersensortechnikgmbh - Published: 2023-07-05 08:00 - Updated: 2023-07-05 08:00
Summary
Frauscher: Diagnostic System FDS001 for FAdC/FAdCi Path Traversal vulnerability
Notes
Summary: Frauscher Diagnostic System FDS001 for FAdC R1 and FAdCi R1 v1.3.3 and all previous versions are vulnerable to a path traversal vulnerability of the web interface by a crafted URL without authentication.
Impact: The attacker can read all files on the filesystem of the FDS001 device. Note: Orphaned SSH keys exist on the file system, but they cannot be used to log in to the machine.
Mitigation: Security-related application conditions SecRACThe railway operator must ensure that only authorised personnel or people in the company of authorised personnel have access to the Frauscher Diagnostic System FDS001.The recommendation is to connect the Frauscher Diagnostic System FDS001 to a network of category 2. If the Frauscher Diagnostic System FDS001 is connected to a network of category 3 (according to EN 50159:2010), then additional protective measures must be added.
Remediation: For the Frauscher Diagnostic System FDS001 for FAdC R1 and FAdCi R1 no more firmware updates will be provided.
CVE-2023-2880

Frauscher Sensortechnik GmbH FDS001 for FAdC/FAdCi v1.3.3 and all previous versions are vulnerable to a path traversal vulnerability of the web interface by a crafted URL without authentication. This enables an remote attacker to read all files on the filesystem of the FDS001 device.

7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Mitigation Security-related application conditions SecRACThe railway operator must ensure that only authorised personnel or people in the company of authorised personnel have access to the Frauscher Diagnostic System FDS001.The recommendation is to connect the Frauscher Diagnostic System FDS001 to a network of category 2. If the Frauscher Diagnostic System FDS001 is connected to a network of category 3 (according to EN 50159:2010), then additional protective measures must be added. For the Frauscher Diagnostic System FDS001 for FAdC R1 and FAdCi R1 no more firmware updates will be provided.
No Fix Planned For the Frauscher Diagnostic System FDS001 for FAdC R1 and FAdCi R1 no more firmware updates will be provided.
References
Acknowledgments
CERT@VDE certvde.com
To clipboard 

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "Frauscher Diagnostic System FDS001 for FAdC R1 and FAdCi R1 v1.3.3 and all previous versions are vulnerable to a\u00a0path traversal vulnerability of the web interface by a crafted URL without authentication.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "The attacker can read all files on the filesystem of the FDS001 device. Note: Orphaned SSH keys exist on the file system, but they cannot be used to log in to the machine.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "Security-related application conditions SecRACThe railway operator must ensure that only authorised personnel or people in the company of authorised personnel have access to the Frauscher Diagnostic System FDS001.The recommendation is to connect the Frauscher Diagnostic System FDS001 to a network of category 2. If the Frauscher Diagnostic System FDS001 is connected to a network of category 3 (according to EN 50159:2010), then additional protective measures must be added.",
        "title": "Mitigation"
      },
      {
        "category": "description",
        "text": "For the Frauscher Diagnostic System FDS001 for FAdC R1 and FAdCi R1 no more firmware updates will be provided.",
        "title": "Remediation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@frauscher.com",
      "name": "Frauscher Sensortechnik GmbH",
      "namespace": "https://www.frauscher.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "VDE-2023-011: Frauscher: Diagnostic System FDS001 for FAdC/FAdCi Path Traversal vulnerability - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2023-011/"
      },
      {
        "category": "self",
        "summary": "VDE-2023-011: Frauscher: Diagnostic System FDS001 for FAdC/FAdCi Path Traversal vulnerability - CSAF",
        "url": "https://frauscher.csaf-tp.certvde.com/.well-known/csaf/white/2023/vde-2023-011.json"
      },
      {
        "category": "external",
        "summary": "Vendor PSIRT",
        "url": "https://www.frauscher.com"
      },
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for Frauscher Sensortechnik GmbH",
        "url": "https://certvde.com/en/advisories/vendor/frauscher/"
      }
    ],
    "title": "Frauscher: Diagnostic System FDS001 for FAdC/FAdCi Path Traversal vulnerability",
    "tracking": {
      "aliases": [
        "VDE-2023-011"
      ],
      "current_release_date": "2023-07-05T08:00:00.000Z",
      "generator": {
        "date": "2025-04-29T17:20:57.199Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.24"
        }
      },
      "id": "VDE-2023-011",
      "initial_release_date": "2023-07-05T08:00:00.000Z",
      "revision_history": [
        {
          "date": "2023-07-05T08:00:00.000Z",
          "number": "1",
          "summary": "Initial revision."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c=1.3.3",
                    "product": {
                      "name": "Diagnostic System FDS101 for FAdC/FAdCi \u003c=1.3.3",
                      "product_id": "CSAFPID-51001"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Diagnostic System FDS101 for FAdC/FAdCi"
              }
            ],
            "category": "product_family",
            "name": "Software"
          }
        ],
        "category": "vendor",
        "name": "Frauscher"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-2880",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "description",
          "text": "Frauscher Sensortechnik GmbH FDS001 for FAdC/FAdCi v1.3.3 and all previous versions are vulnerable to a path traversal vulnerability of the web interface by a crafted URL without authentication. This enables an remote attacker to read all files on the filesystem of the FDS001 device.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-51001"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Security-related application conditions SecRACThe railway operator must ensure that only authorised personnel or people in the company of authorised personnel have access to the Frauscher Diagnostic System FDS001.The recommendation is to connect the Frauscher Diagnostic System FDS001 to a network of category 2. If the Frauscher Diagnostic System FDS001 is connected to a network of category 3 (according to EN 50159:2010), then additional protective measures must be added.\n\nFor the Frauscher Diagnostic System FDS001 for FAdC R1 and FAdCi R1 no more firmware updates will be provided.",
          "product_ids": [
            "CSAFPID-51001"
          ]
        },
        {
          "category": "no_fix_planned",
          "details": "For the Frauscher Diagnostic System FDS001 for FAdC R1 and FAdCi R1 no more firmware updates will be provided.\n\n",
          "product_ids": [
            "CSAFPID-51001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.5,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-51001"
          ]
        }
      ],
      "title": "CVE-2023-2880"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.