Share: Email | Twitter

ID

VDE-2023-011

Published

2023-07-05 10:00 (CEST)

Last update

2023-07-03 07:53 (CEST)

Vendor(s)

Frauscher Sensortechnik GmbH

Product(s)

Article No° Product Name Affected Version(s)
Diagnostic System FDS101 for FAdC/FAdCi <= 1.3.3

Summary

Frauscher Diagnostic System FDS001 for FAdC R1 and FAdCi R1 v1.3.3 and all previous versions are vulnerable to a path traversal vulnerability of the web interface by a crafted URL without authentication.


Last Update:

Aug. 30, 2024, 9:28 a.m.

Weakness

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')  (CWE-22) 

Summary

Frauscher Sensortechnik GmbH FDS001 for FAdC/FAdCi v1.3.3 and all previous versions are vulnerable to a path traversal vulnerability of the web interface by a crafted URL without authentication. This enables an remote attacker to read all files on the filesystem of the FDS001 device.


Impact

The attacker can read all files on the filesystem of the FDS001 device. Note: Orphaned SSH keys exist on the file system, but they cannot be used to log in to the machine.

Solution

Mitigation

Security-related application conditions SecRAC
The railway operator must ensure that only authorised personnel or people in the company of authorised personnel have access to the Frauscher Diagnostic System FDS001.
The recommendation is to connect the Frauscher Diagnostic System FDS001 to a network of category 2. If the Frauscher Diagnostic System FDS001 is connected to a network of category 3 (according to EN 50159:2010), then additional protective measures must be added.

Remediation

For the Frauscher Diagnostic System FDS001 for FAdC R1 and FAdCi R1 no more firmware updates will be provided.

Reported by

Frauscher Sensortechnik coordinated with CERT@VDE