Vulnerability Report

[Suggested description] CVE-2023-47573

A vulnerability has been identified in Relyum RELY-PCIe 22.2.1 devices. The authorization mechanism is not enforced in the web interface, allowing a low-privileged user to execute administrative functions.

Vulnerability Type: Incorrect Access Control
Vendor of Product: System-on-Chip engineering S.L.
Affected Product Code Base: RELY-PCIe – 22.2.1
Affected Component: Web server of the equipment
Attack Type: Remote
Impact: Escalation of Privileges
Attack Vectors: An attacker can change settings, including administrative passwords.
Vendor Confirmation: True
Discoverer: Michael Messner and Benedikt Kühne from Siemens Energy

[Suggested description] CVE-2023-47574

A vulnerability exists in Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices due to a Weak SMB configuration with signing disabled.

Vulnerability Type: Incorrect Access Control
Vendor of Product: System-on-Chip engineering S.L.
Affected Product Code Base: RELY-PCIe – 22.2.1, RELY-REC – 23.1.0
Attack Type: Remote
Impact: Information Disclosure
Attack Vectors: Possible man-in-the-middle attacks.
Vendor Confirmation: True
Discoverer: Michael Messner and Benedikt Kühne from Siemens Energy

[Suggested description] CVE-2023-47575

Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices are vulnerable to reflected XSS in their web interfaces.

Vulnerability Type: Cross Site Scripting (XSS)
Vendor of Product: System-on-Chip engineering S.L.
Affected Product Code Base: RELY-PCIe – 22.2.1, RELY-REC – 23.1.0
Affected Component: Impact on web visualization
Attack Type: Remote
CVE Impact: Other (impact on web visualization)
Attack Vectors: Attacker can perform arbitrary actions on the web application.
Vendor Confirmation: True
Discoverer: Michael Messner and Benedikt Kühne from Siemens Energy

[Suggested description] CVE-2023-47576

A vulnerability is present in Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices, allowing authenticated command injection through the web interface.

Vulnerability Type: Command Injection
Vendor of Product: System-on-Chip engineering S.L.
Affected Product Code Base: RELY-PCIe – 22.2.1, RELY-REC – 23.1.0
Affected Component: Web server of the equipment
Attack Type: Remote
Impact: Code execution, Escalation of Privileges
Attack Vectors: Attacker can execute commands as the www-data system user.
Vendor Confirmation: True
Discoverer: Michael Messner and Benedikt Kühne from Siemens Energy

[Suggested description] CVE-2023-47577

Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices have a vulnerability where there is no check for the current password, allowing unauthorized password changes.

Vulnerability Type: No Check for Current Password
Vendor of Product: System-on-Chip engineering S.L.
Affected Product Code Base: RELY-PCIe – 22.2.1, RELY-REC – 23.1.0
Affected Component: Web, Command Line Interface
Attack Type: Remote
Impact: Escalation of Privileges
Attack Vectors: Attacker can change passwords without knowing the current password.
Vendor Confirmation: True
Discoverer: Michael Messner and Benedikt Kühne from Siemens Energy

[Suggested description] CVE-2023-47578

Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices are susceptible to Cross Site Request Forgery (CSRF) attacks due to the absence of CSRF protection in the web interface.

Vulnerability Type: Cross Site Request Forgery (CSRF)
Vendor of Product: System-on-Chip engineering S.L.
Affected Product Code Base: RELY-PCIe – 22.2.1, RELY-REC – 23.1.0
Affected Component: Web interface
Attack Type: Remote
CVE Impact: Other (CSRF)
Attack Vectors: Attacker can force the victim to perform actions without detection, potentially combined with other vulnerabilities.
Vendor Confirmation: True
Discoverer: Michael Messner and Benedikt Kühne from Siemens Energy

[Suggested description] CVE-2023-47579

Relyum RELY-PCIe 22.2.1 devices suffer from a system group misconfiguration, allowing read access to the central password hash file of the operating system.

Vulnerability Type: Incorrect Access Control, Misconfiguration
Vendor of Product: System-on-Chip engineering S.L.
Affected Product Code Base: RELY-PCIe – 22.2.1
Attack Type: Remote
Impact: Escalation of Privileges
Attack Vectors: Password hashes extraction via other vulnerabilities.
Vendor Confirmation: True
Discoverer: Michael Messner and Benedikt Kühne from Siemens Energy

[Suggested description] CVE-2021-44142, CVE-2017-7494, and CVE-2015-3200

Relyum devices use outdated software components with known vulnerabilities, leaving them exposed to potential exploits.

Vulnerability Type: Outdated Software Components
Vendor of Product: System-on-Chip engineering S.L.
Affected Product Code Base: RELY-PCIe – 22.2.1, RELY-REC – 23.1.0
Affected Component: Relyum-outdated software components with known vulnerabilities
Attack Type: Remote
CVE Impact: None
Attack Vectors: Remote compromise of the device (depends on the vulnerable component and the configuration).
Vendor Confirmation: True
Discoverer: Michael Messner and Benedikt Kühne from Siemens Energy

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.