CVE-2023-47579

7.5 HIGH

📋 TL;DR

Relyum RELY-PCIe 22.2.1 devices have a system group misconfiguration that allows unauthorized read access to the operating system's central password hash file. This affects organizations using these specific industrial networking devices, potentially exposing credential hashes that could be cracked offline.

💻 Affected Systems

Products:
  • Relyum RELY-PCIe
Versions: 22.2.1
Operating Systems: Embedded Linux-based OS on Relyum devices
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects devices running the specific vulnerable firmware version. Industrial control systems using these devices are particularly at risk.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain password hashes, crack them offline, achieve administrative access, and compromise the entire industrial control system network.

🟠 Likely Case

Attackers with internal access extract password hashes, crack weaker passwords, and gain elevated privileges on affected devices.

🟢 If Mitigated

With proper network segmentation and monitoring, attackers may obtain hashes but cannot crack strong passwords or move laterally.

🌐 Internet-Facing: MEDIUM - If devices are exposed to the internet, attackers could potentially access them directly, though exploitation requires some system access.
🏢 Internal Only: HIGH - Internal attackers or compromised systems can easily exploit this to escalate privileges within industrial networks.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires some level of system access to read the password file. The vulnerability is in file permissions configuration.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for latest patched version

Vendor Advisory: https://www.relyum.com/web/support/vulnerability-report/

Restart Required: Yes

Instructions:

1. Check current firmware version.
2. Download latest firmware from Relyum support portal.
3. Follow vendor's firmware update procedure.
4. Verify new version is installed.
5. Test device functionality.

🔧 Temporary Workarounds

Restrict File Permissions

linux

Manually adjust permissions on the password hash file to restrict read access to authorized users only.

chmod 600 /etc/shadow
chown root:root /etc/shadow

Network Segmentation

all

Isolate Relyum devices in separate network segments with strict access controls.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate affected devices from general network traffic
  • Enable detailed logging and monitoring for unauthorized access attempts to system files

🔍 How to Verify

Check if Vulnerable:

Check if /etc/shadow file has overly permissive permissions (e.g., world-readable) on Relyum RELY-PCIe 22.2.1 devices using 'ls -la /etc/shadow'

Check Version:

Check device web interface or use vendor-specific CLI command to display firmware version

Verify Fix Applied:

Verify /etc/shadow permissions are restricted (e.g., -rw-------) and confirm firmware version is updated beyond 22.2.1
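
One way to script the permission check described above, as an added example that is not part of the original advisory or any vendor tooling. `audit_shadow` and its two arguments are hypothetical names; it reads the mode string that `ls` prints, fails on group or world read access, and names the owning group's members from a group file. The demo at the end runs on a constructed temp file, not real credential data.

```shell
#!/bin/sh
# Added example (hypothetical helper, not a vendor tool): classify read access
# to a shadow-style file from its `ls -l` mode string.
# Returns 0 = owner-only, 1 = group or others can read, 2 = cannot inspect.
audit_shadow() {
    file="${1:-/etc/shadow}"
    groupdb="${2:-/etc/group}"
    line=$(ls -ldn "$file" 2>/dev/null) || { echo "ERROR cannot inspect $file"; return 2; }
    perms=$(printf '%s\n' "$line" | awk '{print substr($1, 1, 10)}')
    uid=$(printf '%s\n' "$line" | awk '{print $3}')
    gid=$(printf '%s\n' "$line" | awk '{print $4}')
    found=0
    # Character 8 of the mode string is the world-read bit.
    if [ "$(printf '%s' "$perms" | cut -c8)" = "r" ]; then
        echo "FAIL $file $perms readable by every local account"
        found=1
    fi
    # Character 5 is the group-read bit. List supplementary members of the owning
    # group; accounts with this primary gid in /etc/passwd can read the file too.
    if [ "$(printf '%s' "$perms" | cut -c5)" = "r" ]; then
        members=$(awk -F: -v g="$gid" '$3 == g { print $1 " (" $4 ")" }' "$groupdb" 2>/dev/null) || true
        echo "FAIL $file $perms readable by gid $gid ${members:-unknown group}"
        found=1
    fi
    [ "$uid" = "0" ] || echo "WARN $file owned by uid $uid, expected 0"
    if [ "$found" -eq 0 ]; then echo "OK $file $perms owner-only"; fi
    return "$found"
}

# Demo on a constructed, empty temp file with a group-readable mode.
demo=$(mktemp)
chmod 640 "$demo"
audit_shadow "$demo" /etc/group || echo "status $?: restrict this file to its owner"
rm -f "$demo"
```

On a device, call `audit_shadow` with no arguments to inspect /etc/shadow against /etc/group, and use the exit status in a scheduled compliance check.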

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to /etc/shadow file
  • Unexpected privilege escalation events
  • Failed authentication followed by successful access

Network Indicators:

  • Unusual network traffic to/from industrial control devices
  • Protocol anomalies in industrial network segments

SIEM Query:

source="relyum-device" AND ((event="file_access" AND file="/etc/shadow") OR (event="authentication" AND result="success" AFTER result="failure"))
