Understand the impact of CVE-2022-1668, a critical vulnerability in Secheron SEPCOS Control and Protection Relay, allowing remote attackers to exploit weak default root user credentials.
This article provides an in-depth analysis of CVE-2022-1668, a vulnerability in the SEPCOS Control and Protection Relay firmware package by Secheron.
Understanding CVE-2022-1668
CVE-2022-1668 is a critical vulnerability that allows remote attackers to exploit weak default root user credentials, gaining easy access to OS superuser privileges over the open TCP port for SSH.
What is CVE-2022-1668?
The vulnerability in the SEPCOS Control and Protection Relay firmware package by Secheron permits attackers to obtain superuser privileges through SSH due to weak default root user credentials.
The Impact of CVE-2022-1668
The impact of this vulnerability is severe, with a CVSS base score of 9.8 (Critical). It has a high impact on confidentiality, integrity, and availability, making it crucial to address promptly.
Technical Details of CVE-2022-1668
CVE-2022-1668 affects the SEPCOS Control and Protection Relay firmware package by Secheron in all versions lower than 1.23.21.
Vulnerability Description
The vulnerability arises from weak default root user credentials, enabling attackers to gain superuser privileges over SSH.
Affected Systems and Versions
All versions of the SEPCOS Control and Protection Relay firmware package by Secheron lower than 1.23.21 are impacted.
Exploitation Mechanism
Attackers can exploit this vulnerability remotely through the open TCP port for SSH, logging in with the weak default root user credentials to obtain superuser privileges.
Mitigation and Prevention
To mitigate the risks associated with CVE-2022-1668, immediate steps should be taken alongside long-term security practices and regular patching.
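Until a relay is patched, successful root logins over SSH are the event to watch for. The following detection sketch is an added example, not code from Secheron or from the original advisory; it assumes the relay's SSH logs reach a collector in OpenSSH syslog format, and the management subnet, host name and log lines are constructed for illustration.

```python
import ipaddress
import re

# Assumption: logs arrive in OpenSSH syslog format ("Accepted <method> for <user> from <ip> ...").
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

# Hypothetical engineering-workstation subnet allowed to manage relays.
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]


def root_login_findings(lines, mgmt_nets=MGMT_NETS):
    """Return (severity, source_ip, method) for each successful root SSH login."""
    findings = []
    for line in lines:
        m = ACCEPTED.search(line)
        if not m or m["user"] != "root":
            continue
        try:
            src = ipaddress.ip_address(m["ip"])
        except ValueError:
            # Unparseable source address: treat as untrusted.
            findings.append(("high", m["ip"], m["method"]))
            continue
        inside = any(src in net for net in mgmt_nets)
        if m["method"] == "password":
            # Password-based root login is the path CVE-2022-1668 describes.
            severity = "medium" if inside else "high"
        else:
            severity = "info" if inside else "medium"
        findings.append((severity, str(src), m["method"]))
    return findings


# Constructed sample log lines (not from a real device).
SAMPLE_LOG = [
    "May  3 02:14:07 sepcos-01 sshd[812]: Failed password for root from 192.0.2.44 port 51122 ssh2",
    "May  3 02:14:09 sepcos-01 sshd[812]: Accepted password for root from 192.0.2.44 port 51122 ssh2",
    "May  3 08:30:51 sepcos-01 sshd[901]: Accepted password for root from 10.20.0.15 port 40022 ssh2",
    "May  3 09:02:10 sepcos-01 sshd[955]: Accepted publickey for operator from 10.20.0.15 port 40100 ssh2",
]

if __name__ == "__main__":
    for finding in root_login_findings(SAMPLE_LOG):
        print(finding)
```

Password root logins from inside the management subnet are still reported at medium severity, because on an unpatched relay they indicate the default credential may remain in use.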
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates
Ensure that the SEPCOS firmware is regularly updated to the latest versions provided by Secheron to address vulnerabilities and improve security measures.