CVE-2023-42770 Red Lion Controls Sixnet RTU Authentication Bypass Using An Alternative Path Or Channel

🗓️ 21 Nov 2023 00:14:18Reported by icscertType

Red Lion Controls Sixnet RTU Authentication Bypass CVE-2023-42770

Reporter	Title	Published	Views	Family All 13
BDU FSTEC	The vulnerability of the UDR-A authentication function in microprogrammed control devices like Red Lion SixTRAK and VersaTRAK allows attackers to execute arbitrary commands with administrative privileges.	4 Dec 202300:00	–	bdu_fstec
Circl	CVE-2023-42770	11 Jun 202514:31	–	circl
CNNVD	Red Lion Controls SixTRAK and VersaTRAK Access Control Error Vulnerability	21 Nov 202300:00	–	cnnvd
CVE	CVE-2023-42770	21 Nov 202300:14	–	cve
EUVD	EUVD-2023-47202	3 Oct 202520:07	–	euvd
ICS	Red Lion Sixnet RTUs	16 Nov 202307:00	–	ics
NVD	CVE-2023-42770	21 Nov 202301:15	–	nvd
OSV	CVE-2023-42770	21 Nov 202301:15	–	osv
Prion	Authentication flaw	21 Nov 202301:15	–	prion
Positive Technologies	PT-2023-7324 · Red Lion · Red Lion Versatrak +1	16 Nov 202300:00	–	ptsecurity

[
  {
    "defaultStatus": "unaffected",
    "product": "ST-IPm-8460",
    "vendor": "Red Lion Controls",
    "versions": [
      {
        "status": "affected",
        "version": "6.0.202"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "ST-IPm-6350",
    "vendor": "Red Lion Controls",
    "versions": [
      {
        "status": "affected",
        "version": "4.9.114"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VT-mIPm-135-D",
    "vendor": "Red Lion Controls",
    "versions": [
      {
        "status": "affected",
        "version": "4.9.114"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VT-mIPm-245-D",
    "vendor": "Red Lion Controls",
    "versions": [
      {
        "status": "affected",
        "version": "4.9.114"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VT-IPm2m-213-D",
    "vendor": "Red Lion Controls",
    "versions": [
      {
        "status": "affected",
        "version": "4.9.114"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VT-IPm2m-113-D",
    "vendor": "Red Lion Controls",
    "versions": [
      {
        "status": "affected",
        "version": "4.9.114"
      }
    ]
  }
]

Source	Link
https	www.https//support.redlion.net/hc/en-us/articles/19339209248269-RLCSIM-2023-05-Authentication-Bypass-and-Remote-Code-Execution
cisa	www.cisa.gov/news-events/ics-advisories/icsa-23-320-01

21 Nov 2023 00:14Current

9.6High risk

Vulners AI Score9.6

CVSS 3.110

EPSS0.00879

CWE-288