Cloud Defense Logo

Products

Solutions

Company

CVE-2022-2103 : Security Advisory and Response

Know about CVE-2022-2103, a critical vulnerability in Secheron's SEPCOS Control and Protection Relay firmware package allowing unauthorized access, impacting confidentiality, integrity, and system availability.

This article provides an overview of CVE-2022-2103, a critical vulnerability found in Secheron's SEPCOS Control and Protection Relay firmware package.

Understanding CVE-2022-2103

CVE-2022-2103 is a serious vulnerability that can be exploited by attackers with weak credentials to access the TCP port via an open FTP port, enabling them to read sensitive files and write to remotely executable directories.

What is CVE-2022-2103?

The vulnerability in Secheron's SEPCOS firmware package allows unauthorized access to critical system files and directories, potentially leading to data breaches and system compromise.

The Impact of CVE-2022-2103

With a CVSS base score of 9.8, this critical vulnerability poses a high risk to confidentiality, integrity, and availability of systems. Attackers can exploit this flaw to execute malicious activities and compromise sensitive data.

Technical Details of CVE-2022-2103

This section delves into specific technical details of the CVE-2022-2103 vulnerability.

Vulnerability Description

The vulnerability arises from weak credentials that enable unauthorized access to the TCP port via an open FTP port, providing attackers with the ability to read and write to critical system directories.

Affected Systems and Versions

All versions of the SEPCOS Control and Protection Relay firmware package less than 1.23.21 are impacted, including version 1.24.8 and 1.25.3. Users of these versions are at risk of exploitation.

Exploitation Mechanism

Attackers can exploit this vulnerability by leveraging weak credentials to gain access to the TCP port through an open FTP port, allowing them to manipulate sensitive files remotely.

Mitigation and Prevention

To mitigate the risks associated with CVE-2022-2103, immediate actions and long-term security practices are recommended.

Immediate Steps to Take

        Limit remote access and close Ports 80 and 443 at the switch level.
        Configure the network to restrict PLC communications to only necessary devices.
        Use approved devices to connect to PLCs, avoiding personal peripherals like USB sticks.
        Regularly check device logs for unauthorized access or changes during maintenance.

Long-Term Security Practices

Incorporate regular software updates and security patches to ensure system resilience against evolving threats.

Patching and Updates

Secheron recommends updating the SEPCOS firmware package to the latest versions:

        For 1.23.xx feature level: Update to version 1.23.22 or higher.
        For 1.24.xx feature level: Update to version 1.24.8 or higher.
        For 1.25.xx feature level: Update to version 1.25.3 or higher.

Popular CVEs

CVE Id

Published Date

Is your System Free of Underlying Vulnerabilities?
Find Out Now