CVE-2023-47576
📋 TL;DR
This vulnerability allows authenticated attackers to execute arbitrary commands on Relyum RELY-PCIe and RELY-REC devices through the web interface. Attackers with valid credentials can inject malicious commands that get executed with system privileges. Organizations using these specific Relyum products are affected.
💻 Affected Systems
- RELY-PCIe
- RELY-REC
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise allowing attackers to execute arbitrary commands with system privileges, potentially leading to data theft, device takeover, or lateral movement within the network.
Likely Case
Authenticated attackers gaining command execution capabilities to modify configurations, exfiltrate data, or disrupt industrial control system operations.
If Mitigated
Limited impact if proper network segmentation, authentication controls, and monitoring are in place to detect and prevent exploitation attempts.
🎯 Exploit Status
Exploitation requires authenticated access but command injection is typically straightforward once authentication is bypassed or obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Contact vendor for patched versions
Vendor Advisory: https://www.relyum.com/web/support/vulnerability-report/
Restart Required: Yes
Instructions:
1. Contact Relyum support for patched firmware versions.
2. Backup device configurations.
3. Apply firmware update following vendor instructions.
4. Restart device.
5. Verify update was successful.
🔧 Temporary Workarounds
Network Segmentation
Isolate Relyum devices from untrusted networks and restrict access to authorized IPs only
Access Control Hardening
Implement strong authentication policies, multi-factor authentication, and limit user privileges
🧯 If You Can't Patch
- Implement strict network access controls to limit web interface access to trusted IP addresses only
- Monitor authentication logs and web interface access for suspicious activity
🔍 How to Verify
Check if Vulnerable:
Check device firmware version via web interface or CLI. Vulnerable if running RELY-PCIe 22.2.1 or RELY-REC 23.1.0
Check Version:
Check via web interface System Information page or contact vendor for CLI commands
Verify Fix Applied:
Verify firmware version has been updated to a version newer than the affected releases
📡 Detection & Monitoring
Log Indicators:
- Unusual command execution patterns in system logs
- Multiple failed authentication attempts followed by successful login
- Web interface access from unusual IP addresses
Network Indicators:
- Unusual outbound connections from Relyum devices
- Suspicious payloads in HTTP requests to web interface
SIEM Query:
source="relyum-device" AND (event_type="command_execution" OR http_request CONTAINS "cmd" OR http_request CONTAINS "exec")
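The two login-related log indicators above (failed attempts followed by a successful login, and web interface access from unusual IP addresses) can be checked offline against exported authentication logs. The following is an added example, not vendor or advisory code; the log line format, the trusted management subnet, and the threshold and window values are all assumptions to adapt to your own collector.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log line format (the advisory does not document one); adapt the regex.
LINE_RE = re.compile(r"^(?P<ts>\S+) \S+ auth result=(?P<result>OK|FAIL) "
                     r"user=(?P<user>\S+) src=(?P<src>\S+)$")
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]  # assumed management subnet
FAIL_THRESHOLD = 3                                     # assumed tuning value
WINDOW = timedelta(minutes=5)                          # assumed tuning value

# Constructed sample data, not taken from a real device.
SAMPLE_LOG = """\
2024-01-10T08:00:01Z relyum-web auth result=OK user=operator src=10.20.0.15
2024-01-10T09:14:02Z relyum-web auth result=FAIL user=admin src=10.20.0.40
2024-01-10T09:14:09Z relyum-web auth result=FAIL user=admin src=10.20.0.40
2024-01-10T09:14:15Z relyum-web auth result=FAIL user=admin src=10.20.0.40
2024-01-10T09:14:31Z relyum-web auth result=OK user=admin src=10.20.0.40
2024-01-10T11:02:44Z relyum-web auth result=OK user=admin src=192.0.2.77
2024-01-10T12:00:00Z relyum-web auth result=FAIL user=operator src=10.20.0.15
2024-01-10T12:30:00Z relyum-web auth result=OK user=operator src=10.20.0.15
"""

def analyze(lines):
    """Return (timestamp, rule, user, src) alerts for the two login indicators."""
    alerts = []
    recent_fails = defaultdict(deque)  # src -> timestamps of recent failures
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an authentication event
        try:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # malformed timestamp or source field
        fails = recent_fails[m["src"]]
        while fails and ts - fails[0] > WINDOW:
            fails.popleft()  # expire failures older than the window
        if m["result"] == "FAIL":
            fails.append(ts)
            continue
        if len(fails) >= FAIL_THRESHOLD:
            alerts.append((m["ts"], "fails_then_success", m["user"], m["src"]))
        fails.clear()  # a successful login resets the failure streak
        if not any(src in net for net in TRUSTED_NETS):
            alerts.append((m["ts"], "untrusted_source", m["user"], m["src"]))
    return alerts
```

On the sample, `analyze(SAMPLE_LOG.splitlines())` flags the 09:14:31 login (three failures inside five minutes) and the 11:02:44 login from outside the trusted subnet; the 12:30:00 login is not flagged because its single earlier failure had aged out of the window.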