VDE-2023-049

Vulnerability from csaf_frauschersensortechnikgmbh - Published: 2023-12-11 07:00 - Updated: 2023-12-11 07:00
Summary
Frauscher: FDS102 for FAdC/FAdCi remote code execution vulnerability
Notes
Summary: Frauscher Sensortechnik GmbH FDS102 for FAdC/FAdCi v2.10.1 is vulnerable to a remote code execution (RCE) vulnerability via manipulated parameters of the web interface by using an authenticated session cookie.
Impact: This vulnerability may lead to a full compromise of the FDS102 device.
Mitigation: Security-related application conditions SecRAC The railway operator must ensure that only authorised personnel or people in the company of authorised personnel have access to the Frauscher Diagnostic System FDS102. The recommendation is to connect the Frauscher Diagnostic System FDS102 to a network of category 2. If the Frauscher Diagnostic System FDS102 is connected to a network of category 3 (according to EN 50159:2010), then additional protective measures must be added.
Remediation: Update to FDS102 v2.10.2
CVE-2023-5500

This vulnerability allows an remote attacker with low privileges to misuse Improper Control of Generation of Code ('Code Injection') to gain full control of the affected device.

8.8 (High)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Mitigation Security-related application conditions SecRAC The railway operator must ensure that only authorised personnel or people in the company of authorised personnel have access to the Frauscher Diagnostic System FDS102. The recommendation is to connect the Frauscher Diagnostic System FDS102 to a network of category 2. If the Frauscher Diagnostic System FDS102 is connected to a network of category 3 (according to EN 50159:2010), then additional protective measures must be added.
Vendor Fix Update to FDS102 v2.10.2
References
Acknowledgments
CERT@VDE certvde.com
To clipboard 

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "Frauscher Sensortechnik GmbH FDS102 for FAdC/FAdCi v2.10.1 is vulnerable to a remote code execution (RCE) vulnerability via manipulated parameters of the web interface by using an authenticated session cookie.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "This vulnerability\u00a0may lead to a full compromise of the FDS102 device.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "Security-related application conditions SecRAC\n\nThe railway operator must ensure that only authorised personnel or people in the company of authorised personnel have access to the Frauscher Diagnostic System FDS102.\n\nThe recommendation is to connect the Frauscher Diagnostic System FDS102 to a network of category 2. If the Frauscher Diagnostic System FDS102 is connected to a network of category 3 (according to EN 50159:2010), then additional protective measures must be added.",
        "title": "Mitigation"
      },
      {
        "category": "description",
        "text": "Update to FDS102 v2.10.2",
        "title": "Remediation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@frauscher.com",
      "name": "Frauscher Sensortechnik GmbH",
      "namespace": "https://www.frauscher.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "VDE-2023-049: Frauscher: FDS102 for FAdC/FAdCi remote code execution vulnerability - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2023-049/"
      },
      {
        "category": "self",
        "summary": "VDE-2023-049: Frauscher: FDS102 for FAdC/FAdCi remote code execution vulnerability - CSAF",
        "url": "https://frauscher.csaf-tp.certvde.com/.well-known/csaf/white/2023/vde-2023-049.json"
      },
      {
        "category": "external",
        "summary": "Vendor PSIRT",
        "url": "https://www.frauscher.com"
      },
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for Frauscher Sensortechnik GmbH",
        "url": "https://certvde.com/en/advisories/vendor/frauscher/"
      }
    ],
    "title": "Frauscher: FDS102 for FAdC/FAdCi remote code execution vulnerability",
    "tracking": {
      "aliases": [
        "VDE-2023-049"
      ],
      "current_release_date": "2023-12-11T07:00:00.000Z",
      "generator": {
        "date": "2025-05-05T08:24:30.960Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.24"
        }
      },
      "id": "VDE-2023-049",
      "initial_release_date": "2023-12-11T07:00:00.000Z",
      "revision_history": [
        {
          "date": "2023-12-11T07:00:00.000Z",
          "number": "1",
          "summary": "Initial revision."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "FDS102 for FAdC/FAdCi",
                "product": {
                  "name": "FDS102 for FAdC/FAdCi",
                  "product_id": "CSAFPID-11001"
                }
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "2.10.0\u003c=2.10.1",
                "product": {
                  "name": "Firmware 2.10.0\u003c=2.10.1",
                  "product_id": "CSAFPID-21001"
                }
              },
              {
                "category": "product_version",
                "name": "v2.10.2",
                "product": {
                  "name": "Firmware v2.10.2",
                  "product_id": "CSAFPID-22001"
                }
              }
            ],
            "category": "product_family",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "Frauscher"
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 2.10.0\u003c=2.10.1 installed on FDS102 for FAdC/FAdCi",
          "product_id": "CSAFPID-31001"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware v2.10.2 installed on FDS102 for FAdC/FAdCi",
          "product_id": "CSAFPID-32001"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11001"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-5500",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "notes": [
        {
          "category": "description",
          "text": "This vulnerability allows an remote attacker with low privileges to misuse Improper Control of Generation of Code (\u0027Code Injection\u0027) to gain full control of the affected device.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001"
        ],
        "known_affected": [
          "CSAFPID-31001"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Security-related application conditions SecRAC\n\nThe railway operator must ensure that only authorised personnel or people in the company of authorised personnel have access to the Frauscher Diagnostic System FDS102.\n\nThe recommendation is to connect the Frauscher Diagnostic System FDS102 to a network of category 2. If the Frauscher Diagnostic System FDS102 is connected to a network of category 3 (according to EN 50159:2010), then additional protective measures must be added.",
          "product_ids": [
            "CSAFPID-31001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to FDS102 v2.10.2",
          "product_ids": [
            "CSAFPID-31001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 8.8,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 8.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001"
          ]
        }
      ],
      "title": "CVE-2023-5500"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.