VDE-2023-038
Vulnerability from csaf_frauschersensortechnikgmbh - Published: 2023-09-21 06:00 - Updated: 2023-09-21 06:00
CVE-2023-4292: Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a SQL injection vulnerability via manipulated parameters of the web interface without authentication. The database contains limited, non-critical log information.
CVE-2023-4291: Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a remote code execution (RCE) vulnerability via manipulated parameters of the web interface without authentication. This could lead to a full compromise of the FDS101 device.
CVE-2023-4152: Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a path traversal vulnerability of the web interface by a crafted URL without authentication. This enables a remote attacker to read all files on the filesystem of the FDS101 device.
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are\u00a0prone\u00a0to\u00a0multiple vulnerabilities which\u00a0could lead up to a full compromise of the FDS101 device.",
"title": "Summary"
},
{
"category": "description",
"text": "Please\u00a0consult the CVE Entries above.",
"title": "Impact"
},
{
"category": "description",
"text": "Security-related application conditions SecRAC\nThe railway operator must ensure that only authorised personnel or people in the company of authorised personnel have access to the Frauscher Diagnostic System FDS101.\nThe recommendation is to connect the Frauscher Diagnostic System FDS101 to a network of category 2.\nIf the Frauscher Diagnostic System FDS101 is connected to a network of category 3 (according to EN 50159:2010), then additional protective measures must be added.",
"title": "Mitigation"
},
{
"category": "description",
"text": "Update to FDS102 v2.10.1",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@frauscher.com",
"name": "Frauscher Sensortechnik GmbH",
"namespace": "https://www.frauscher.com"
},
"references": [
{
"category": "self",
"summary": "VDE-2023-038: Frauscher: Multiple Vulnerabilities in FDS101 - HTML",
"url": "https://certvde.com/en/advisories/VDE-2023-038/"
},
{
"category": "self",
"summary": "VDE-2023-038: Frauscher: Multiple Vulnerabilities in FDS101 - CSAF",
"url": "https://frauscher.csaf-tp.certvde.com/.well-known/csaf/white/2023/vde-2023-038.json"
},
{
"category": "external",
"summary": "Vendor PSIRT",
"url": "https://www.frauscher.com"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for Frauscher Sensortechnik GmbH",
"url": "https://certvde.com/en/advisories/vendor/frauscher/"
}
],
"title": "Frauscher: Multiple Vulnerabilities in FDS101",
"tracking": {
"aliases": [
"VDE-2023-038"
],
"current_release_date": "2023-09-21T06:00:00.000Z",
"generator": {
"date": "2025-04-30T09:30:14.935Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.24"
}
},
"id": "VDE-2023-038",
"initial_release_date": "2023-09-21T06:00:00.000Z",
"revision_history": [
{
"date": "2023-09-21T06:00:00.000Z",
"number": "1",
"summary": "Initial revision."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "FDS101 for FAdC/FAdCi",
"product": {
"name": "FDS101 for FAdC/FAdCi",
"product_id": "CSAFPID-11001"
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.4.24",
"product": {
"name": "Firmware \u003c=1.4.24",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version",
"name": "v2.10.1",
"product": {
"name": "Firmware v2.10.1",
"product_id": "CSAFPID-22001"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "Frauscher"
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.4.24 installed on FDS101 for FAdC/FAdCi",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware v2.10.1 installed on FDS101 for FAdC/FAdCi",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11001"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4292",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"notes": [
{
"category": "description",
"text": "Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a SQL injection vulnerability via manipulated parameters of the web interface without authentication. The database contains limited, non-critical log information.\n\n\n\n",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001"
],
"known_affected": [
"CSAFPID-31001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Security-related application conditions SecRAC\nThe railway operator must ensure that only authorised personnel or people in the company of authorised personnel have access to the Frauscher Diagnostic System FDS101.\nThe recommendation is to connect the Frauscher Diagnostic System FDS101 to a network of category 2.\nIf the Frauscher Diagnostic System FDS101 is connected to a network of category 3 (according to EN 50159:2010), then additional protective measures must be added.",
"product_ids": [
"CSAFPID-31001"
]
},
{
"category": "vendor_fix",
"details": "Update to FDS102 v2.10.1",
"product_ids": [
"CSAFPID-31001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001"
]
}
],
"title": "CVE-2023-4292"
},
{
"cve": "CVE-2023-4291",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"notes": [
{
"category": "description",
"text": "Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a remote code execution (RCE) vulnerability via manipulated parameters of the web interface without authentication.\u00a0This could lead to a full compromise of the FDS101 device.\n\n\n",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001"
],
"known_affected": [
"CSAFPID-31001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Security-related application conditions SecRAC\nThe railway operator must ensure that only authorised personnel or people in the company of authorised personnel have access to the Frauscher Diagnostic System FDS101.\nThe recommendation is to connect the Frauscher Diagnostic System FDS101 to a network of category 2.\nIf the Frauscher Diagnostic System FDS101 is connected to a network of category 3 (according to EN 50159:2010), then additional protective measures must be added.",
"product_ids": [
"CSAFPID-31001"
]
},
{
"category": "vendor_fix",
"details": "Update to FDS102 v2.10.1",
"product_ids": [
"CSAFPID-31001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001"
]
}
],
"title": "CVE-2023-4291"
},
{
"cve": "CVE-2023-4152",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "description",
"text": "Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a path traversal vulnerability of the web interface by a crafted URL without authentication. This enables a remote attacker to read all files on the filesystem of the FDS101 device.\n",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001"
],
"known_affected": [
"CSAFPID-31001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Security-related application conditions SecRAC\nThe railway operator must ensure that only authorised personnel or people in the company of authorised personnel have access to the Frauscher Diagnostic System FDS101.\nThe recommendation is to connect the Frauscher Diagnostic System FDS101 to a network of category 2.\nIf the Frauscher Diagnostic System FDS101 is connected to a network of category 3 (according to EN 50159:2010), then additional protective measures must be added.",
"product_ids": [
"CSAFPID-31001"
]
},
{
"category": "vendor_fix",
"details": "Update to FDS102 v2.10.1",
"product_ids": [
"CSAFPID-31001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001"
]
}
],
"title": "CVE-2023-4152"
}
]
}