admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2023/40xxx/CVE-2023-40151.json

168 lines
12 KiB
JSON
Raw Normal View History

"-Synchronized-Data."
2023-09-18 23:00:35 +00:00
{
"-Synchronized-Data."
2023-11-21 01:00:35 +00:00
"data_version": "4.0",
"-Synchronized-Data."
2023-09-18 23:00:35 +00:00
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2023-40151",
"-Synchronized-Data."
2023-11-21 01:00:35 +00:00
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
"-Synchronized-Data."
2023-09-18 23:00:35 +00:00
},
"description": {
"description_data": [
{
"lang": "eng",
"-Synchronized-Data."
2023-11-21 01:00:35 +00:00
"value": "\n\n\nWhen user authentication is not enabled the shell can execute commands with the highest privileges. Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message comes over TCP/IP the RTU will simply accept the message with no authentication challenge.\n\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-749 Exposed Dangerous Method Or Function",
"cweId": "CWE-749"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Lion Controls",
"product": {
"product_data": [
{
"product_name": "ST-IPm-8460",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.0.202"
}
]
}
},
{
"product_name": "ST-IPm-6350",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.9.114"
}
]
}
},
{
"product_name": "VT-mIPm-135-D",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.9.114"
}
]
}
},
{
"product_name": "VT-mIPm-245-D",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.9.114"
}
]
}
},
{
"product_name": "VT-IPm2m-213-D",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.9.114"
}
]
}
},
{
"product_name": "VT-IPm2m-113-D",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.9.114"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-01",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-01"
},
{
"url": "https://support.redlion.net/hc/en-us/articles/19339209248269-RLCSIM-2023-05-Authentication-Bypass-and-Remote-Code-Execution",
"refsource": "MISC",
"name": "https://support.redlion.net/hc/en-us/articles/19339209248269-RLCSIM-2023-05-Authentication-Bypass-and-Remote-Code-Execution"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "ICSA-23-320-01",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<p>Red Lion recommends users apply the <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.redlion.net/hc/en-us/articles/19338927539981-SixTRAK-and-VersaTRAK-Security-Patch-RLCSIM-2023-05\">latest patches</a>&nbsp;to their products.</p><p>Red Lion recommends users apply additional mitigations to help reduce the risk:</p><ul><li>Enable user authentication, see <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.redlion.net/hc/en-us/articles/18190385510797-ACCESS-RTU-and-IO-How-to-install-a-patch-or-package-to-the-RTU\">Red Lion instructions</a>.</li></ul><p>Blocking all or most Sixnet UDR messages over TCP/IP will eliminate authentication bypass. Sixnet UDR messages over TCP/IP will be ignored.</p><p>To block all Sixnet UDR messages over TCP/IP install Patch1_tcp_udr_all_blocked.tar.gz.</p><ul><li>ST-IPm-8460 \u2013 Install 8313_patch1_tcp_udr_all_blocked.tar.gz</li><li>ST-IPm-6350/VT-mIPm-245-D/VT-mIPm-135-D/VT-IPm2m-213-D/VT-IPm2m-113-D \u2013 Install 855_patch1_tcp_udr_all_blocked.tar.gz</li></ul><p>To block all Sixnet UDR messages except I/O commands over TCP/IP and UDP/IP install Patch2_io_open.tar.gz.</p><ul><li>ST-IPm-8460 \u2013 Install 8313_patch2_io_open.tar.gz</li><li>ST-IPm-6350/VT-mIPm-245-D/VT-mIPm-135-D/VT-IPm2m-213-D/VT-IPm2m-113-D \u2013 Install 855_patch2_io_open.tar.gz</li></ul><p>To Block all Sixnet UDR messages over TCP/IP:</p><ul><li>Enable iptables rules to block TCP/IP traffic.</li><li>In the Sixnet I/O Tool Kit go to Configuration&gt;Configuration Station/Module&gt;\"Ports\" tab&gt;Security.</li><li>Select the \"Load the this file with each station load\" radio button to load a custom rc.firewall configuration file. The rules below will allow all other traffic except Sixnet UDR over TCP/IP. Please Note: Two rules that are added in by default were removed because they will block all traffic going into the interface.</li></ul><p>Remove these rules from the default rc.firewall file:</p><ul><li>iptables -P INPUT DROP (Drops everything coming in)</li><li>iptables -P FORWARD DROP (Drops everything in FORWARD chain)</li></ul><p>Add one DROP rule which will drop all TCP/IP packet coming on UDR port 1594 by typing the following commands:</p><ul><li>insmodip_tables (Initialization)</li><li>insmodiptable_filter (Initialization)</li><li>insmodip_conntrack (Initialization)</li><li>insmodiptable_nat (Initialization)</li><li>iptables -F INPUT (Flushes INPUT chain)</li><li>iptables -F OUTPUT (Flushes OUTPUT chain)</li><li>iptables -F FORWARD (Flushes FORWARD chain)</li><li>iptables -Z (Zero counters)</li><li>iptables -P OUTPUT ACCEPT (Drops everything coming in, everything in FORWARD chain, and accepts everything going out)</li><li>iptables -A INPUT -p tcp --dport 1594 -j DROP (Allows local traffic and blocks all TCP traffic coming from 1594)</li></ul><p>For installation instructions see <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.redlion.net/hc/en-us/articles/18190385510797-ACCESS-RTU-and-IO-How-to-install-a-patch-or-package-to-the-RTU\">Red Lion's support page</a>.</p><p>For more information, please refer to <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.redlion.net/hc/en-us/articles/19339209248269-RLCSIM-2023-05-Authentication-Bypass-and-Remote-Code-Execution\">Red Lion\u2019s security bulletin</a>.</p>\n\n<br>"
}
],
"value": "\nRed Lion recommends users apply the latest patches https://support.redlion.net/hc/en-us/articles/19338927539981-SixTRAK-and-VersaTRAK-Security-Patch-RLCSIM-2023-05 \u00a0to their products.\n\nRed Lion recommends users apply additional mitigations to help reduce the risk:\n\n * Enable user authentication, see Red Lion instructions https://support.redlion.net/hc/en-us/articles/18190385510797-ACCESS-RTU-and-IO-How-to-install-a-patch-or-package-to-the-RTU .\n\n\nBlocking all or most Sixnet UDR messages over TCP/IP will eliminate authentication bypass. Sixnet UDR messages over TCP/IP will be ignored.\n\nTo block all Sixnet UDR messages over TCP/IP install Patch1_tcp_udr_all_blocked.tar.gz.\n\n * ST-IPm-8460 \u2013 Install 8313_patch1_tcp_udr_all_blocked.tar.gz\n * ST-IPm-6350/VT-mIPm-245-D/VT-mIPm-135-D/VT-IPm2m-213-D/VT-IPm2m-113-D \u2013 Install 855_patch1_tcp_udr_all_blocked.tar.gz\n\n\nTo block all Sixnet UDR messages except I/O commands over TCP/IP and UDP/IP install Patch2_io_open.tar.gz.\n\n * ST-IPm-8460 \u2013 Install 8313_patch2_io_open.tar.gz\n * ST-IPm-6350/VT-mIPm-245-D/VT-mIPm-135-D/VT-IPm2m-213-D/VT-IPm2m-113-D \u2013 Install 855_patch2_io_open.tar.gz\n\n\nTo Block all Sixnet UDR messages over TCP/IP:\n\n * Enable iptables rules to block TCP/IP traffic.\n * In the Sixnet I/O Tool Kit go to Configuration>Configuration Station/Module>\"Ports\" tab>Security.\n * Select the \"Load the this file with each station load\" radio button to load a custom rc.firewall configuration file. The rules below will allow all other traffic except Sixnet UDR over TCP/IP. Please Note: Two rules that are added in by default were removed because they will block all traffic going into the interface.\n\n\nRemove these rules from the default rc.firewall file:\n\n * iptables -P INPUT DROP (Drops everything coming in)\n * iptables -P FORWARD DROP (Drops everything in FORWARD chain)\n\n\nAdd one DROP rule which will drop all TCP/IP packet coming on UDR port 1594 by typing the following commands:\n\n * insmodip_tables (Initialization)\n * insmodiptable_filter (Initialization)\n * insmodip_conntrack (Initialization)\n * insmodiptable_nat (Initialization)\n * iptables -F INPUT (Flushes INPUT chain)\n * iptables -F OUTPUT (Flushes OUTPUT chain)\n * iptables -F FORWARD (Flushes FORWARD chain)\n * iptables -Z (Zero counters)\n * iptables -P OUTPUT ACCEPT (Drops everything coming in, everything in FORWARD chain, and accepts everything going out)\n * iptables -A INPUT -p tcp --dport 1594 -j DROP (Allows local traffic and blocks all TCP traffic coming from 1594)\n\n\nFor installation instructions see Red Lion's support page https://support.redlion.net/hc/en-us/articles/18190385510797-ACCESS-RTU-and-IO-How-to-install-a-patch-or-package-to-the-RTU .\n\nFor more information, please refer to Red Lion\u2019s security bulletin https://support.redlion.net/hc/en-us/articles/19339209248269-RLCSIM-2023-05-Authentication-Bypass-and-Remote-Code-Execution .\n\n\n\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Nitsan Litov of Claroty Research - Team82 reported these vulnerabilities to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
"-Synchronized-Data."
2023-09-18 23:00:35 +00:00
}
]
}
}
Reference in New Issue Copy Permalink