Red Lion Controls Crimson

🗓️ 05 Sep 2019 00:00:00Reported by Industrial Control Systems Cyber Emergency Response TeamType

ics🔗 www.cisa.gov👁 85 Views

Red Lion Controls Crimson software (Windows) has multiple vulnerabilities (CVSS v3 7.8) including use after free, memory buffer bounds, pointer issues, and hard-coded cryptographic key. Exploitation could lead to code execution, device crash, or data exposure. Mitigation involves migrating to Crimson 3.1 release 3112.00 or later and adopting additional protection mechanisms. Critical infrastructure sectors affected: Critical Manufacturing. Worldwide deployment. HQ in the United States

Reporter	Title	Published	Views	Family All 53
CNVD	Red Lion Controls Crimson Resource Management Error Vulnerability	6 Sep 201900:00	–	cnvd
CNVD	Red Lion Controls Crimson Buffer Overflow Vulnerability	6 Sep 201900:00	–	cnvd
CNVD	Red Lion Controls Crimson Buffer Overflow Vulnerability (CNVD-2019-33858)	6 Sep 201900:00	–	cnvd
CNVD	Red Lion Controls Crimson Trust Management Issue Vulnerability	6 Sep 201900:00	–	cnvd
Check Point Advisories	Red Lion Crimson Type Confusion (CVE-2019-10996; CVE-2019-10984)	25 Feb 202000:00	–	checkpoint_advisories
CVE	CVE-2019-10978	23 Sep 201915:58	–	cve
CVE	CVE-2019-10984	23 Sep 201915:58	–	cve
CVE	CVE-2019-10990	23 Sep 201915:46	–	cve
CVE	CVE-2019-10996	23 Sep 201915:58	–	cve
Cvelist	CVE-2019-10978	23 Sep 201915:58	–	cvelist

Source	Link
raw	www.raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2019/icsa-19-248-01.json
cisa	www.cisa.gov/news-events/ics-advisories/icsa-19-248-01
us-cert	www.us-cert.gov/cas/tips/ST04-014.html
us-cert	www.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
us-cert	www.us-cert.gov/ics/tips/ICS-TIP-12-146-01B

05 Sep 2019 00:00Current

7.8High risk

Vulners AI Score7.8

CVSS 26.8

CVSS 3.17.8

EPSS0.00214

SSVC