Vulnerabilities > CVE-2023-40151 - Unspecified vulnerability in Redlioncontrols products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

redlioncontrols

critical

NVD

Published: 2023-11-21

Updated: 2023-11-29

Summary

When user authentication is not enabled the shell can execute commands with the highest privileges. Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message comes over TCP/IP the RTU will simply accept the message with no authentication challenge.

Vulnerable Configurations

Part	Description	Count
OS	Redlioncontrols Redlioncontrols ST IPM 6350 Firmware 4.9.114 Redlioncontrols ST IPM 8460 Firmware 6.0.202 Redlioncontrols VT Mipm 135 D Firmware 4.9.114 Redlioncontrols VT Mipm 245 D Firmware 4.9.114 Redlioncontrols VT Ipm2M 213 D Firmware 4.9.114 Redlioncontrols VT Ipm2M 113 D Firmware 4.9.114	6
Hardware	Redlioncontrols Redlioncontrols ST IPM 6350 - Redlioncontrols ST IPM 8460 - Redlioncontrols VT Mipm 135 D - Redlioncontrols VT Mipm 245 D - Redlioncontrols VT Ipm2M 213 D - Redlioncontrols VT Ipm2M 113 D -	6

Summary

Vulnerable Configurations

References