OTPulse

Alisonic Sibylla

Act Now | CVSS 9.4 | ICS-CERT ICSA-24-268-02 | Sep 24, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Alisonic Sibylla devices contain a SQL injection vulnerability (CWE-89) that allows an attacker with network access to query the backend database without authentication. Successful exploitation could result in extraction of device information, credential dumping, or obtaining administrator access. The vulnerability affects all versions of Sibylla. Alisonic has not provided a security patch and did not respond to CISA coordination efforts. No active exploitation in the wild has been reported at this time.

What this means
What could happen
An attacker could extract sensitive data from the Sibylla database, including credentials and system information, potentially leading to complete administrative control of the device or connected systems.
Who's at risk
Organizations operating Alisonic Sibylla devices for process control, data management, or system monitoring should prioritize this issue. Sibylla is typically used in industrial automation, water treatment, manufacturing, and utility management environments where unauthorized access to administrative credentials or process data could disrupt operations.
How it could be exploited
An attacker with network access to the Sibylla device could exploit a SQL injection vulnerability (CWE-89) to query the database directly. By crafting malicious SQL input, the attacker could dump user credentials or retrieve administrative information without requiring valid authentication credentials.
Prerequisites
  • Network access to the Sibylla device
  • The device is reachable via its network interface (no specific authentication required for the attack)
  • Remotely exploitable
  • No authentication required
  • Low complexity attack
  • No patch available from vendor
  • High CVSS severity (9.4)
  • SQL injection vulnerability allows direct database access
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
Sibylla: vers:all/* | All versions | No fix (EOL)
Remediation & Mitigation
Do now
  • HARDENING: Restrict network access to Sibylla devices—ensure they are not reachable from the internet and are located behind firewalls separated from business networks
  • HARDENING: If remote access to Sibylla is required, deploy it through a Virtual Private Network (VPN) with current patches and strong authentication
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Contact Alisonic directly at +39 0362 1547580 or info@alisonic.it to inquire about available patches or security updates