CVE-2023-47577

9.8 CRITICAL

📋 TL;DR

This vulnerability in Relyum RELY-PCIe and RELY-REC allows attackers to change passwords without providing the current password, bypassing authentication controls. It affects all users of these specific industrial networking products, potentially compromising system integrity and availability.

💻 Affected Systems

Products:
  • RELY-PCIe
  • RELY-REC
Versions: RELY-PCIe 22.2.1 and RELY-REC 23.1.0
Operating Systems: Not specified - embedded industrial systems
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the specific versions mentioned; other versions may also be vulnerable but not confirmed.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system takeover by unauthorized actors who can change administrative passwords, potentially disrupting critical industrial operations or enabling further attacks on connected systems.

🟠 Likely Case

Unauthorized password changes leading to loss of system access for legitimate users, potential data manipulation, and disruption of industrial control processes.

🟢 If Mitigated

Limited impact if systems are isolated from untrusted networks and have strong access controls, though the vulnerability remains present in the software.

🌐 Internet-Facing: HIGH if systems are exposed to the internet, as attackers can remotely change passwords without authentication.
🏢 Internal Only: HIGH even on internal networks, as any user with network access to the device could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is simple to exploit: a password change request sent without the current password is accepted. No authentication is required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched versions

Vendor Advisory: https://www.relyum.com/web/support/vulnerability-report/

Restart Required: Yes

Instructions:

1. Check vendor advisory for patched versions.
2. Download updated firmware from Relyum support portal.
3. Backup current configuration.
4. Apply firmware update following vendor instructions.
5. Restart device.
6. Verify fix by testing password change functionality.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate affected devices from untrusted networks and limit access to authorized management systems only.

Access Control Lists

all

Implement strict network ACLs to only allow management access from specific trusted IP addresses.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate affected devices from all untrusted networks
  • Monitor for unauthorized password change attempts and implement alerting for such activities

🔍 How to Verify

Check if Vulnerable:

Check the device version via the web interface or CLI. If it is running RELY-PCIe 22.2.1 or RELY-REC 23.1.0, the device is vulnerable.

Check Version:

Check via device web interface or vendor-specific CLI commands (varies by product)

Verify Fix Applied:

After patching, attempt to change password without providing current password - this should fail. Verify version is updated to patched release.

📡 Detection & Monitoring

Log Indicators:

  • Password change events without current password verification
  • Multiple failed login attempts followed by password changes
  • Password changes from unexpected IP addresses

Network Indicators:

  • HTTP POST requests to password change endpoints without current password parameter
  • Unusual network traffic to management interfaces

SIEM Query:

source="relyum-device" AND (event_type="password_change" AND NOT current_password_provided="true")
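
The three log indicators above can be evaluated together over exported device events. The following is an added example, not vendor or page code: the field names `source`, `event_type` and `current_password_provided` are taken from the SIEM query, while the JSON-lines format, the `ts` and `src_ip` fields, the `login_failed` event type and the sample events are assumptions constructed for illustration.

```python
import json
from collections import defaultdict, deque

# Constructed sample events (JSON lines). source, event_type and
# current_password_provided mirror the SIEM query; ts, src_ip and the
# login_failed event type are assumptions for this example.
SAMPLE_LOG = """\
{"ts": 100, "source": "relyum-device", "event_type": "login_failed", "src_ip": "10.0.5.77"}
{"ts": 110, "source": "relyum-device", "event_type": "login_failed", "src_ip": "10.0.5.77"}
{"ts": 120, "source": "relyum-device", "event_type": "login_failed", "src_ip": "10.0.5.77"}
{"ts": 130, "source": "relyum-device", "event_type": "password_change", "src_ip": "10.0.5.77"}
{"ts": 900, "source": "relyum-device", "event_type": "password_change", "src_ip": "10.0.1.10", "current_password_provided": "true"}
{"ts": 950, "source": "other-device", "event_type": "password_change", "src_ip": "10.0.9.9"}
not-json garbage line
"""

def detect(log_text, trusted_ips, fail_threshold=3, window=300):
    """Return [(ts, src_ip, [reasons])] for suspicious password changes."""
    failures = defaultdict(deque)  # src_ip -> timestamps of recent failed logins
    alerts = []
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
        except ValueError:
            continue  # skip malformed lines instead of aborting the scan
        if not isinstance(ev, dict) or ev.get("source") != "relyum-device":
            continue
        ts, ip, kind = ev.get("ts", 0), ev.get("src_ip"), ev.get("event_type")
        if kind == "login_failed":
            failures[ip].append(ts)
        elif kind == "password_change":
            reasons = []
            # A missing field counts as "not provided", matching the NOT in the query.
            if str(ev.get("current_password_provided", "")).lower() != "true":
                reasons.append("no_current_password")
            recent = failures[ip]
            while recent and ts - recent[0] > window:
                recent.popleft()  # drop failures older than the window (seconds)
            if len(recent) >= fail_threshold:
                reasons.append("after_failed_logins")
            if ip not in trusted_ips:
                reasons.append("unexpected_ip")
            if reasons:
                alerts.append((ts, ip, reasons))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG, trusted_ips={"10.0.1.10"}):
        print(alert)
```

Set `trusted_ips` to the management hosts permitted by the ACL workaround so that the "unexpected IP" reason lines up with the network controls.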
