CVE-2023-5719 Red Lion Crimson Improper Neutralization of Null Byte or NUL Character

The Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent % character, invalid values will be included, potentially truncating...

CVE-2022-3090

Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 versions 3126.001 and prior, and Crimson 3.2 versions 3.2.0044.0 and prior are vulnerable to path traversal. When attempting to open a file using a specific path, the user's password hash is sent to an arbitrary host. This coul...

PT-2022-20368 · Red Lion Controls · Crimson 3.2 +2

Name of the Vulnerable Software and Affected Versions: Red Lion Controls Crimson 3.0 versions 707.000 and prior Red Lion Controls Crimson 3.1 versions 3126.001 and prior Red Lion Controls Crimson 3.2 versions 3.2.0044.0 and prior Description: The issue allows an attacker to obtain user credential...

CISA Releases Two Industrial Control Systems Advisories

CISA has released two 2 Industrial Control Systems ICS advisories on November 17, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for...

Red Lion Crimson 3.1

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Red Lion Equipment: Crimson 3.1 Vulnerabilities: NULL Pointer Dereference, Missing Authentication for Critical Function, Improper Resource Shutdown or Release 2. RISK EVALUATION Successful...

Red Lion Controls Crimson 代码问题漏洞

Crimson is a programming software from Red Lion. A null pointer dereference vulnerability exists in the protocol converter in Crimson. An attacker could exploit this vulnerability by sending specially crafted packets to cause the device to reboot...

Red Lion Controls Crimson 安全漏洞

Crimson is a programming software from Red Lion. Crimson suffers from a resource improperly closed or freed vulnerability. An attacker can exploit this vulnerability by sending a specially crafted message to leak arbitrary memory locations...

CVE-2019-10978

Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that operates outside of the designated memory area...

CVE-2019-10990

Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to access configuration files...

CVE-2019-10978

Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that operates outside of the designated memory area...

CVE-2019-10996

Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that can reference memory after it has been freed...

CVE-2019-10990

Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to access configuration files...

Red Lion Crimson CD31 File Parsing Use-After-Free Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Red Lion Crimson. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Red Lion Crimson CD31 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Red Lion Crimson. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Red Lion Crimson CD31 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Red Lion Crimson. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Red Lion Crimson Hard-coded Cryptographic Key Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Red Lion Crimson. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CTextStreamMemory class. The class contains hard-coded secrets in clear tex...

PT-2019-12118 · Red Lion Controls · Crimson

Name of the Vulnerable Software and Affected Versions: Red Lion Controls Crimson versions 3.0 and prior Red Lion Controls Crimson version 3.1 prior to release 3112.00 Description: The issue allows multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious inpu...

Red Lion Crimson CD3 File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Red Lion Crimson. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CD...

Red Lion Crimson CD31 File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Red Lion Crimson. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CD...

Red Lion Crimson CD31 File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Red Lion Crimson. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of...