CVE-2022-2105 : What You Need to Know

Learn about CVE-2022-2105 affecting Secheron's SEPCOS Control and Protection Relay firmware. Understand the impact, technical details, and mitigation steps to secure your systems.

Client-side JavaScript controls in the SEPCOS Control and Protection Relay firmware package by Secheron may be bypassed, leading to unauthorized changes in user credentials and permissions without authentication. This vulnerability allows access to critical parameters at the web server root level.

Understanding CVE-2022-2105

This section will delve into the details of CVE-2022-2105.

What is CVE-2022-2105?

The vulnerability in the SEPCOS Control and Protection Relay firmware package allows attackers to change user credentials and permissions without proper authentication, enabling access to critical parameters at the root level.

The Impact of CVE-2022-2105

With a CVSS base score of 9.4 (Critical), this vulnerability poses a severe threat. It has a low impact on confidentiality and a high impact on both integrity and availability. The attack complexity is low, and it requires no privileges or user interaction, making it easier for threat actors to exploit.

Technical Details of CVE-2022-2105

Let's explore the technical aspects of CVE-2022-2105.

Vulnerability Description

The vulnerability allows client-side JavaScript controls to be bypassed, leading to unauthorized changes in user credentials and permissions without proper authentication. This enables access to safety-critical parameters at the root level of the web server.
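The flaw class described above, a security decision enforced only in client-side JavaScript, shown beside its server-side correction. This is an added example, not SEPCOS firmware code or code from the original page; the handlers, session tokens, roles and request shape are hypothetical and the sample state is constructed.

```javascript
// Added illustration; every name here is hypothetical, none is SEPCOS firmware code.
const ALLOWED_ROLES = new Set(["viewer", "operator", "admin"]);

// Constructed sample state: server-side sessions and user accounts.
function makeState() {
  return {
    sessions: new Map([
      ["tok-admin", { user: "alice", role: "admin" }],
      ["tok-oper", { user: "bob", role: "operator" }],
    ]),
    users: new Map([["alice", { role: "admin" }], ["bob", { role: "operator" }]]),
  };
}

// Flawed pattern: the browser script hides the permissions form from
// non-admins, and the server applies any request that reaches it.
function changeRoleClientTrusting(state, req) {
  const account = state.users.get(req.body.user);
  if (!account) return { status: 404 };
  account.role = req.body.role;
  return { status: 200 };
}

// Corrected pattern: the server authenticates the session, authorizes the
// caller, and validates the input on every request.
function changeRoleServerEnforced(state, req) {
  const session = state.sessions.get(req.token);
  if (!session) return { status: 401 };                  // not authenticated
  if (session.role !== "admin") return { status: 403 };  // not authorized
  const account = state.users.get(req.body.user);
  if (!account) return { status: 404 };
  if (!ALLOWED_ROLES.has(req.body.role)) return { status: 400 };
  account.role = req.body.role;
  return { status: 200 };
}

// The same request, carrying no session token, against both handlers.
function demo() {
  const req = { token: undefined, body: { user: "bob", role: "admin" } };
  const weak = makeState();
  const strong = makeState();
  return {
    weakStatus: changeRoleClientTrusting(weak, req).status,
    weakRole: weak.users.get("bob").role,
    strongStatus: changeRoleServerEnforced(strong, req).status,
    strongRole: strong.users.get("bob").role,
  };
}
```

`demo()` sends one token-less request to both handlers: the first applies the role change, the second returns 401 and leaves the account untouched.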

Affected Systems and Versions

All versions of the SEPCOS Control and Protection Relay firmware package earlier than 1.23.21 are affected. Versions 1.24.8 and 1.25.3 are also vulnerable.

Exploitation Mechanism

Attackers can exploit this vulnerability by manipulating client-side JavaScript controls to gain unauthorized access at the root level of the web server, enabling changes in critical parameters.

Mitigation and Prevention

Protecting your systems from CVE-2022-2105 is crucial. Here are some steps to mitigate and prevent attacks.

Immediate Steps to Take

        Update the SEPCOS Control and Protection Relay firmware package to the latest recommended versions: 1.23.22 or higher for feature level 1.23.xx, 1.24.8 or higher for 1.24.xx, and 1.25.3 or higher for 1.25.xx.
        Configure the network to limit PLC communications strictly to necessary devices.
        Restrict remote access and close Ports 80 and 443 at the switch level.

Long-Term Security Practices

        Use only approved devices to connect to PLCs.
        Avoid connecting personal peripherals to approved devices.
        Regularly check device logs for unauthorized changes or access during maintenance.

Patching and Updates

Stay updated on security patches and implement them promptly. Regularly check for firmware updates from Secheron to address security vulnerabilities.
