38 matches found
Two CVSS 10.0 Bugs in Red Lion RTUs Could Hand Hackers Full Industrial Control
Cybersecurity researchers have disclosed two critical security flaws impacting Red Lion Sixnet remote terminal unit (RTU) products that, if successfully exploited, could result in code execution with the highest privileges. The shortcomings, tracked as CVE-2023-40151 and CVE-2023-42770, are both...
EUVD-2016-5508
Malware in sbrugna...
EUVD-2013-2741
Malware in sbrugna...
CVE-2013-2802
The universal protocol implementation in Sixnet UDR before 2.0 and RTU firmware before 4.8 allows remote attackers to execute arbitrary code; read, modify, or create files; or obtain file metadata via function opcodes...
CVE-2023-40151
When user authentication is not enabled, the shell can execute commands with the highest privileges. On Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A), any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message comes over TCP/IP t...
CVE-2023-42770 Red Lion Controls Sixnet RTU Authentication Bypass Using An Alternative Path Or Channel
On Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A), any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message is received over TCP/IP, the RTU will simply accept the message with no authentication challenge...
CVE-2023-40151 Red Lion Controls Sixnet RTU Exposed Dangerous Method Or Function
When user authentication is not enabled, the shell can execute commands with the highest privileges. On Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A), any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message comes over TCP/IP t...
Red Lion Sixnet RTUs
1. EXECUTIVE SUMMARY: CVSS v3 10.0. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Red Lion. Equipment: Sixnet RTU. Vulnerabilities: Authentication Bypass using an Alternative Path or Channel, Exposed Dangerous Method or Function. 2. RISK EVALUATION: Successful exploitation...
Denial of Service Vulnerability in Sixnet Switch SLX-18MG
With more than 30 years of experience in designing and manufacturing industrial automation products, Sixnet fully understands the needs of various industrial applications and injects its mature industrial automation product design concepts into industrial Ethernet switch products. A denial of...
The firmware vulnerability in Sixnet-Managed Industrial Switches and Stride-Managed Ethernet Switches arises from the use of pre-installed HTTP SSL/SSH keys. This allows a hacker to gain full control over the device.
The firmware vulnerability in Sixnet-Managed Industrial Switches and Stride-Managed Ethernet Switches is related to the use of pre-installed HTTP SSL/SSH keys. Exploiting this vulnerability can allow a malicious actor to gain full control over the device remotely...
CVE-2016-9335
A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride-Managed Ethernet Switches running firmware Version 5.0.190. Vulnerable versions of Stride-Managed Ethernet switches and Sixnet-Managed...
CVE-2016-9335
CVE-2016-9335 affects Red Lion Controls Sixnet-Managed Industrial Switches (firmware 5.0.196) and AutomationDirect/Stride-Managed Ethernet Switches (firmware 5.0.190). The root cause is hard-coded HTTP SSL/SSH keys that cannot be regenerated, causing all devices to share the same key. Consequence...
Red Lion Controls Sixnet-Managed Industrial Switches and Stride-Managed Ethernet Switches Hard-Coded Encryption Key Vulnerability
Red Lion Controls Sixnet-Managed Industrial Switches and Stride-Managed Ethernet Switches are both industrial Ethernet managed switches from Red Lion Controls, USA. A hard-coded encryption key vulnerability exists in Red Lion Controls Sixnet-Managed Industrial Switches version 5.0.196 and earlier...
Sixnet BT-5xxx BT-6xxx M2M devices elevation of privilege vulnerability
The Red Lion Sixnet BT-5xxx is a BT series router from Red Lion USA that provides wireless connectivity. An elevation of privilege vulnerability exists in Sixnet BT-5xxx and BT-6xxx M2M devices in versions prior to 3.8.21 and 3.9.x prior to 3.9.8. The vulnerability is caused by the following...
CVE-2016-4521
Sixnet BT-5xxx and BT-6xxx M2M devices before 3.8.21 and 3.9.x before 3.9.8 have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors...
Hardcoded credentials
Sixnet BT-5xxx and BT-6xxx M2M devices before 3.8.21 and 3.9.x before 3.9.8 have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors...