CVE-2023-5288: Critical Bug in SICK SIM1012 Devices Could Allow Remote Attacks
A critical vulnerability has been discovered in SIM1012 devices from Germany-based sensor maker SICK. The vulnerability, tracked as CVE-2023-5288 (CVSS score of 9.8), could allow remote attackers to reconfigure or disrupt the devices.
The vulnerability exists because all Ethernet ports on SICK SIM1012 devices are open by factory default. This allows an attacker to connect to the device and interact with it without authentication.
An attacker could exploit this vulnerability to change the device’s configuration settings, reset the device, or even upload a new firmware version. This could allow the attacker to take complete control of the device and use it for malicious purposes.
SICK SIM1012 devices are used worldwide, particularly in the critical manufacturing sector. This means that this vulnerability could have a significant impact on businesses and organizations that rely on these devices.
Complete control of an affected device could lead to a variety of negative consequences, including:
- Disruption of operations: An attacker could change the configuration of a SIM1012 device to disrupt its operation. This could lead to downtime or other problems for businesses and organizations that rely on the device.
- Data theft: An attacker could exploit the vulnerability to steal data from a SIM1012 device. This could include sensitive data such as customer information, trade secrets, or intellectual property.
- Malware infection: An attacker could upload malware to a SIM1012 device. This malware could then be used to spread to other devices on the network or to launch attacks against other systems.
The silver lining here is that SICK, in a recent advisory, says it is not currently aware of any exploits in the wild targeting this specific flaw. However, given the potential risks, it’s only a matter of time before cyber adversaries get wind of this and try their luck.
To mitigate the risk of CVE-2023-5288, SICK recommends that users disable ports 2111 and 2122 on their SIM1012 devices once they are put into operation. SICK also recommends using SICK AppManager version 1.5.6 or higher for the commissioning of SIM1012 devices.
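A post-commissioning check for the mitigation above, as an added example that is not from SICK or the original article: it attempts a TCP connection to ports 2111 and 2122 on each device in your own inventory and reports any that still accept connections. Treating both ports as TCP, and passing the inventory as command-line addresses, are assumptions of this example.

```python
import socket
import sys
from typing import Dict, Iterable, List, Sequence

# Ports the advisory says to disable once the device is in operation.
# Assumption of this example: both are reachable over TCP.
ADVISORY_PORTS = (2111, 2122)


def probe(host: str, port: int, timeout: float = 2.0) -> str:
    """Classify one port as 'open', 'closed' (actively refused) or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # The host answered and rejected the connection: nothing is listening.
        return "closed"
    except OSError:
        # Timeout or unreachable: the result says nothing about the device itself.
        return "filtered"


def audit(inventory: Iterable[str],
          ports: Sequence[int] = ADVISORY_PORTS,
          timeout: float = 2.0) -> Dict[str, List[int]]:
    """Return {host: [ports still accepting connections]} for non-compliant hosts."""
    findings: Dict[str, List[int]] = {}
    for host in inventory:
        still_open = [p for p in ports if probe(host, p, timeout) == "open"]
        if still_open:
            findings[host] = still_open
    return findings


if __name__ == "__main__":
    # Usage: python audit_sim1012.py <device-address> [<device-address> ...]
    results = audit(sys.argv[1:])
    for host, open_ports in results.items():
        listed = ", ".join(str(p) for p in open_ports)
        print(f"NON-COMPLIANT {host}: port(s) {listed} still accept connections")
    # Non-zero exit lets a scheduled job or CI step fail on any finding.
    sys.exit(1 if results else 0)
```

Run it from the same network segment as the devices; a `filtered` result only shows that something between the auditor and the device dropped the connection, not that the port was disabled on the device.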