CVE-2023-23551

9.1 CRITICAL

📋 TL;DR

Control By Web X-600M devices are vulnerable to Lua code injection, allowing remote attackers to execute arbitrary code on affected devices. This affects organizations using these industrial control system devices for remote monitoring and control applications.

💻 Affected Systems

Products:
  • Control By Web X-600M
Versions: All versions prior to firmware version 1.5.0
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Devices running Lua scripts for custom functionality are vulnerable. The vulnerability exists in the Lua script execution engine.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise allowing attacker to modify control logic, disrupt operations, pivot to other network segments, or cause physical damage in industrial environments.

🟠 Likely Case

Remote code execution leading to device takeover, data exfiltration, or disruption of monitoring/control functions.

🟢 If Mitigated

Limited impact if devices are isolated in segmented networks with strict access controls and monitoring.

🌐 Internet-Facing: HIGH - Direct internet exposure makes exploitation trivial for attackers scanning for vulnerable devices.
🏢 Internal Only: MEDIUM - Requires internal network access but exploitation is straightforward once access is obtained.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to the device's web interface. No authentication is required for the vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware version 1.5.0

Vendor Advisory: https://www.controlbyweb.com/support/security-advisory.html

Restart Required: Yes

Instructions:

1. Download firmware 1.5.0 from the Control By Web website.
2. Access the device web interface.
3. Navigate to System > Firmware Update.
4. Upload the new firmware file.
5. Wait for the update to complete and the device to reboot.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate X-600M devices in separate VLANs with strict firewall rules limiting access to authorized management stations only.

Access Control Lists

all

Implement IP-based access restrictions on network devices to block unauthorized access to X-600M web interfaces.

🧯 If You Can't Patch

  • Disable remote Lua script execution if not required for functionality
  • Implement network monitoring for suspicious traffic to/from X-600M devices

🔍 How to Verify

Check if Vulnerable:

Check the firmware version in the web interface under System > Status. If the version is below 1.5.0, the device is vulnerable.

Check Version:

No CLI command - check via web interface at http://[device-ip]/status

Verify Fix Applied:

Confirm firmware version shows 1.5.0 or higher in System > Status page after update.

📡 Detection & Monitoring

Log Indicators:

  • Unusual Lua script execution patterns
  • Multiple failed login attempts followed by script uploads
  • Unexpected firmware update attempts

Network Indicators:

  • HTTP POST requests to Lua script endpoints from unauthorized IPs
  • Unusual outbound connections from X-600M devices

SIEM Query:

source="X-600M" AND ((http_method="POST" AND uri="/lua/*") OR event="firmware_update")
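The detection logic expressed by that query, applied to constructed sample records, as an added example that is not part of this advisory or of any vendor tooling. The record format (dicts with `source`, `http_method`, `uri`, `event` and `src_ip` keys), the sample records themselves and the `AUTHORIZED_IPS` allowlist are assumptions made for the example. `matches_naive` shows what an unparenthesised trailing `OR` would do (every `firmware_update` event matches, whatever its source); `matches` applies the intended logic, and `find_hits` additionally flags hits whose source IP is not an authorised management station, which is the "from unauthorized IPs" network indicator listed above.

```python
# Added example: run the advisory's SIEM detection logic over constructed log
# records. Not code from the advisory or the vendor; the record layout and the
# sample values below are assumptions.
from fnmatch import fnmatch

# Constructed sample records (not real X-600M logs).
SAMPLE_LOGS = [
    {"source": "X-600M", "http_method": "POST", "uri": "/lua/upload", "src_ip": "10.0.5.7"},
    {"source": "X-600M", "http_method": "GET",  "uri": "/lua/list",   "src_ip": "10.0.5.7"},
    {"source": "X-600M", "http_method": "POST", "uri": "/status",     "src_ip": "10.0.5.7"},
    {"source": "X-600M", "event": "firmware_update",                   "src_ip": "192.0.2.44"},
    {"source": "firewall", "event": "firmware_update",                 "src_ip": "10.0.0.1"},
    {"source": "X-600M", "http_method": "POST", "uri": "/lua/run",    "src_ip": "10.0.5.8"},
]

# Constructed allowlist of management stations permitted to reach the device.
AUTHORIZED_IPS = {"10.0.5.7"}


def _is_lua_post(rec):
    """True for an HTTP POST whose URI falls under /lua/ (the query's uri="/lua/*")."""
    return rec.get("http_method") == "POST" and fnmatch(rec.get("uri", ""), "/lua/*")


def matches_naive(rec):
    """Literal precedence of  A AND (B AND C) OR (D):  AND binds tighter than OR,
    so any firmware_update event matches even when the source is not the device."""
    return (rec.get("source") == "X-600M" and _is_lua_post(rec)) \
        or rec.get("event") == "firmware_update"


def matches(rec):
    """Intended logic: the source must be the X-600M, AND the record must be
    either a POST to a Lua endpoint or a firmware update event."""
    return rec.get("source") == "X-600M" \
        and (_is_lua_post(rec) or rec.get("event") == "firmware_update")


def find_hits(records, authorized_ips=AUTHORIZED_IPS, naive=False):
    """Return one dict per matching record, with the reason and whether the
    source IP is outside the allowlist of authorised management stations."""
    predicate = matches_naive if naive else matches
    hits = []
    for rec in records:
        if not predicate(rec):
            continue
        reason = "lua_post" if _is_lua_post(rec) else "firmware_update"
        hits.append({
            "src_ip": rec.get("src_ip"),
            "reason": reason,
            "unauthorized": rec.get("src_ip") not in authorized_ips,
        })
    return hits


if __name__ == "__main__":
    print("naive query hits:    ", len(find_hits(SAMPLE_LOGS, naive=True)))
    print("corrected query hits:", len(find_hits(SAMPLE_LOGS)))
    for hit in find_hits(SAMPLE_LOGS):
        if hit["unauthorized"]:
            print("ALERT unauthorised", hit["reason"], "from", hit["src_ip"])
```

On the constructed data the naive reading produces four hits, one of them the firewall's own firmware update, while the intended logic produces three, and two of those (the firmware update from 192.0.2.44 and the Lua POST from 10.0.5.8) come from addresses outside the allowlist and are the ones worth alerting on.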
