- CVE-2021-32453- sitel RTU CAP/PRX - information exposure
- CVE-2021-32454- sitel RTU CAP/PRX - Hardcoded credentials
- CVE-2021-32455- sitel RTU CAP/PRX - vulnerable denial service attack
- CVE-2021-32456- sitel RTU CAP/PRX - cleartext transmission of sensitive information
Sitel CAP/PRX is an small and simple RTU (Remote Telecontrol Unit) based on Linux and developed by SITEL which had a big lack of security measures. A number of vulnerabilities were discovered in this device (here only four are mentioned). These vulnerabilities were pointed out to the manufacturer, who took note and changed completely the device.
The resolution of these vulnerabilities by the manufacturer were sometimes... mainly mitigations of the problem. But the vulnerabilities are not there any longer, so they can be considered to be resolved.
As the responsability of these link belong only to INCIBE CERT and these kind of link tend to disappear with time, I will add 4 screenshots in order to maintain access to them:
Explanation of the vulnerabilities
CVE-2021-32453- sitel RTU CAP/PRX - information exposure
Severity: 6.5
It's possible to access via Web (using the insecure protocolo HTTP) to the internal configuration database of the device (which was actually a .xml file) without any kind of authentication by just knowing the XML file URL. Knowing this, an ttacker could access the whole device configuration.
It's also possible to access different configuration files stored in the device through the insecure protocol HTTP and without any kind of authentication using the following URL:
http:///cgi-bin/display
When accessing this URL the contents of the following list of configuration files were shown:
- /etc/password
- /etc/group
- /proc/cpuinfo
All these files provide information about the device and its operative system, allowing attacker to plan more harmful attacks.
Solution: The Manufacturer was contacted and they prepared a new firmware version (v5.3.09). CAP/PRX owners should update their
CVE-2021-32454- sitel RTU CAP/PRX - Hardcoded credentials
Severity: 9.6
The device used a well known (explained in manuals) hardcoded password. Although it's hardcoded in the ushell executable, and shouldn't be modified, an attacker with access to the device, could modify the ushell executable and leave legitimate users without access to the device. Moreover, to recover the device the legitimate owner would need to access physically to the device and update its firmware.
Solution: The Manufacturer was contacted and they prepared a new firmware version (v5.3.09).
CVE-2021-32455- sitel RTU CAP/PRX - Denial of service attack
Severity: 6.8
It was possible to provoke a denial of service of the whole system by sending massively HTTP requests. The reason is because these HTTP connections were not properly closed, and this provoked, after a period of time, a denial of service of the embedded web server. In a worst-case scenario the whole system would become stuck and it would be necessary to reboot the system.
Solution: The Manufacturer was contacted and they prepared a new firmware version (v5.3.09).
CVE-2021-32455- sitel RTU CAP/PRX - Cleartext transmission of sensitive information
Severity: 5.7
The authentication process of legitimate users to the SITEL CAP/PRX web panel was performed using the insecure protocol HTTP. For this reason, web panel access credentials went in plaintext. An attacker with access to the local network of the device or the device user's computer could obtain, through a MITM attack these authentication passwords by simple analyzing the network traffic.
Solution: The Manufacturer was contacted and they prepared a new firmware version (v5.3.09).