CVE-2024-44572
📋 TL;DR
RELY-PCIe versions v22.2.1 through v23.1.0 contain a command injection vulnerability in the sys_mgmt function that allows attackers to execute arbitrary commands on affected systems. This affects organizations using RELY-PCIe hardware/software for industrial or embedded systems. Successful exploitation could lead to complete system compromise.
💻 Affected Systems
- RELY-PCIe
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with root/administrator privileges, allowing attackers to install persistent backdoors, exfiltrate sensitive data, disrupt industrial operations, or pivot to other network systems.
Likely Case
Unauthorized command execution leading to service disruption, data theft, or installation of cryptocurrency miners/ransomware on vulnerable systems.
If Mitigated
Limited impact if proper network segmentation, least privilege, and input validation are implemented, potentially restricting damage to isolated segments.
🎯 Exploit Status
Command injection vulnerabilities typically have low exploitation complexity once the attack vector is identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v23.1.1 or later
Vendor Advisory: https://www.relyum.com/web/support/vulnerability-report/
Restart Required: Yes
Instructions:
1. Download the latest RELY-PCIe firmware/software from the vendor portal.
2. Backup current configuration.
3. Apply the update following vendor documentation.
4. Restart the system.
5. Verify the update was successful.
🔧 Temporary Workarounds
Network Access Restriction
Linux: Restrict network access to RELY-PCIe management interfaces using firewall rules
iptables -A INPUT -p tcp --dport [RELY-PCIe_PORT] -s [TRUSTED_NETWORK] -j ACCEPT
iptables -A INPUT -p tcp --dport [RELY-PCIe_PORT] -j DROP
Input Validation Enhancement
All platforms: Implement additional input validation/sanitization for sys_mgmt function parameters
🧯 If You Can't Patch
- Isolate affected systems in a dedicated network segment with strict firewall rules
- Disable or restrict access to the sys_mgmt function if not required for operations
🔍 How to Verify
Check if Vulnerable:
Check the RELY-PCIe software version via the management interface or CLI
Check Version:
rely-pcie --version or check via web interface at /version endpoint
Verify Fix Applied:
Verify the version is v23.1.1 or later and test that command injection attempts are properly blocked
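Added example (not vendor code): a version triage for an inventory of RELY-PCIe hosts, using the affected range v22.2.1 through v23.1.0 and the fixed version v23.1.1 stated above. The hostnames and the format of the reported version strings are constructed assumptions; versions are compared numerically so that a value such as v22.10.3 is not misordered by string comparison.

```python
import re

# Range taken from the advisory text: v22.2.1 through v23.1.0 affected, v23.1.1 fixed.
AFFECTED_MIN = (22, 2, 1)
AFFECTED_MAX = (23, 1, 0)
FIXED = (23, 1, 1)

_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract the first MAJOR.MINOR.PATCH triple (optional leading 'v').

    Returns a tuple of ints, or None when no version can be found.
    """
    match = _VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def classify(text):
    """Map a reported version string to a triage status."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # unverified: do not assume the host is patched
    if AFFECTED_MIN <= version <= AFFECTED_MAX:
        return "vulnerable"
    if version >= FIXED:
        return "patched"
    return "outside-advisory-range"  # older than v22.2.1: not covered by this advisory


def triage(inventory):
    """Return {host: status} for a {host: version_string} inventory."""
    return {host: classify(reported) for host, reported in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and string formats are made up.
    sample = {
        "plc-gw-01": "RELY-PCIe v22.2.1",
        "plc-gw-02": "v23.1.0",
        "plc-gw-03": "23.1.1",
        "plc-gw-04": "v22.10.3",
        "plc-gw-05": "v21.4.0",
        "plc-gw-06": "",
    }
    for host, status in sorted(triage(sample).items()):
        print(f"{host}: {status}")
```

Hosts reported as "unknown" or "outside-advisory-range" need manual follow-up, since the advisory makes no statement about them.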
📡 Detection & Monitoring
Log Indicators:
- Unusual command execution in system logs
- Multiple failed authentication attempts to sys_mgmt function
- Suspicious process creation from RELY-PCIe services
Network Indicators:
- Unusual outbound connections from RELY-PCIe systems
- Traffic to known malicious IPs from affected systems
- Unexpected port scanning from RELY-PCIe devices
SIEM Query:
source="RELY-PCIe" AND (event_type="command_execution" OR process_name="sh" OR process_name="bash")