mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
168 lines
12 KiB
JSON
168 lines
12 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2023-40151",
|
|
"ASSIGNER": "ics-cert@hq.dhs.gov",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "\n\n\nWhen user authentication is not enabled the shell can execute commands with the highest privileges. Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message comes over TCP/IP the RTU will simply accept the message with no authentication challenge.\n\n\n\n"
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-749 Exposed Dangerous Method Or Function",
|
|
"cweId": "CWE-749"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "Red Lion Controls",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "ST-IPm-8460",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "6.0.202"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "ST-IPm-6350",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "4.9.114"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "VT-mIPm-135-D",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "4.9.114"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "VT-mIPm-245-D",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "4.9.114"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "VT-IPm2m-213-D",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "4.9.114"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "VT-IPm2m-113-D",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "4.9.114"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-01",
|
|
"refsource": "MISC",
|
|
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-01"
|
|
},
|
|
{
|
|
"url": "https://support.redlion.net/hc/en-us/articles/19339209248269-RLCSIM-2023-05-Authentication-Bypass-and-Remote-Code-Execution",
|
|
"refsource": "MISC",
|
|
"name": "https://support.redlion.net/hc/en-us/articles/19339209248269-RLCSIM-2023-05-Authentication-Bypass-and-Remote-Code-Execution"
|
|
}
|
|
]
|
|
},
|
|
"generator": {
|
|
"engine": "Vulnogram 0.1.0-dev"
|
|
},
|
|
"source": {
|
|
"advisory": "ICSA-23-320-01",
|
|
"discovery": "EXTERNAL"
|
|
},
|
|
"solution": [
|
|
{
|
|
"lang": "en",
|
|
"supportingMedia": [
|
|
{
|
|
"base64": false,
|
|
"type": "text/html",
|
|
"value": "\n\n<p>Red Lion recommends users apply the <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.redlion.net/hc/en-us/articles/19338927539981-SixTRAK-and-VersaTRAK-Security-Patch-RLCSIM-2023-05\">latest patches</a> to their products.</p><p>Red Lion recommends users apply additional mitigations to help reduce the risk:</p><ul><li>Enable user authentication, see <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.redlion.net/hc/en-us/articles/18190385510797-ACCESS-RTU-and-IO-How-to-install-a-patch-or-package-to-the-RTU\">Red Lion instructions</a>.</li></ul><p>Blocking all or most Sixnet UDR messages over TCP/IP will eliminate authentication bypass. Sixnet UDR messages over TCP/IP will be ignored.</p><p>To block all Sixnet UDR messages over TCP/IP install Patch1_tcp_udr_all_blocked.tar.gz.</p><ul><li>ST-IPm-8460 \u2013 Install 8313_patch1_tcp_udr_all_blocked.tar.gz</li><li>ST-IPm-6350/VT-mIPm-245-D/VT-mIPm-135-D/VT-IPm2m-213-D/VT-IPm2m-113-D \u2013 Install 855_patch1_tcp_udr_all_blocked.tar.gz</li></ul><p>To block all Sixnet UDR messages except I/O commands over TCP/IP and UDP/IP install Patch2_io_open.tar.gz.</p><ul><li>ST-IPm-8460 \u2013 Install 8313_patch2_io_open.tar.gz</li><li>ST-IPm-6350/VT-mIPm-245-D/VT-mIPm-135-D/VT-IPm2m-213-D/VT-IPm2m-113-D \u2013 Install 855_patch2_io_open.tar.gz</li></ul><p>To Block all Sixnet UDR messages over TCP/IP:</p><ul><li>Enable iptables rules to block TCP/IP traffic.</li><li>In the Sixnet I/O Tool Kit go to Configuration>Configuration Station/Module>\"Ports\" tab>Security.</li><li>Select the \"Load the this file with each station load\" radio button to load a custom rc.firewall configuration file. The rules below will allow all other traffic except Sixnet UDR over TCP/IP. Please Note: Two rules that are added in by default were removed because they will block all traffic going into the interface.</li></ul><p>Remove these rules from the default rc.firewall file:</p><ul><li>iptables -P INPUT DROP (Drops everything coming in)</li><li>iptables -P FORWARD DROP (Drops everything in FORWARD chain)</li></ul><p>Add one DROP rule which will drop all TCP/IP packet coming on UDR port 1594 by typing the following commands:</p><ul><li>insmodip_tables (Initialization)</li><li>insmodiptable_filter (Initialization)</li><li>insmodip_conntrack (Initialization)</li><li>insmodiptable_nat (Initialization)</li><li>iptables -F INPUT (Flushes INPUT chain)</li><li>iptables -F OUTPUT (Flushes OUTPUT chain)</li><li>iptables -F FORWARD (Flushes FORWARD chain)</li><li>iptables -Z (Zero counters)</li><li>iptables -P OUTPUT ACCEPT (Drops everything coming in, everything in FORWARD chain, and accepts everything going out)</li><li>iptables -A INPUT -p tcp --dport 1594 -j DROP (Allows local traffic and blocks all TCP traffic coming from 1594)</li></ul><p>For installation instructions see <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.redlion.net/hc/en-us/articles/18190385510797-ACCESS-RTU-and-IO-How-to-install-a-patch-or-package-to-the-RTU\">Red Lion's support page</a>.</p><p>For more information, please refer to <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.redlion.net/hc/en-us/articles/19339209248269-RLCSIM-2023-05-Authentication-Bypass-and-Remote-Code-Execution\">Red Lion\u2019s security bulletin</a>.</p>\n\n<br>"
|
|
}
|
|
],
|
|
"value": "\nRed Lion recommends users apply the latest patches https://support.redlion.net/hc/en-us/articles/19338927539981-SixTRAK-and-VersaTRAK-Security-Patch-RLCSIM-2023-05 \u00a0to their products.\n\nRed Lion recommends users apply additional mitigations to help reduce the risk:\n\n * Enable user authentication, see Red Lion instructions https://support.redlion.net/hc/en-us/articles/18190385510797-ACCESS-RTU-and-IO-How-to-install-a-patch-or-package-to-the-RTU .\n\n\nBlocking all or most Sixnet UDR messages over TCP/IP will eliminate authentication bypass. Sixnet UDR messages over TCP/IP will be ignored.\n\nTo block all Sixnet UDR messages over TCP/IP install Patch1_tcp_udr_all_blocked.tar.gz.\n\n * ST-IPm-8460 \u2013 Install 8313_patch1_tcp_udr_all_blocked.tar.gz\n * ST-IPm-6350/VT-mIPm-245-D/VT-mIPm-135-D/VT-IPm2m-213-D/VT-IPm2m-113-D \u2013 Install 855_patch1_tcp_udr_all_blocked.tar.gz\n\n\nTo block all Sixnet UDR messages except I/O commands over TCP/IP and UDP/IP install Patch2_io_open.tar.gz.\n\n * ST-IPm-8460 \u2013 Install 8313_patch2_io_open.tar.gz\n * ST-IPm-6350/VT-mIPm-245-D/VT-mIPm-135-D/VT-IPm2m-213-D/VT-IPm2m-113-D \u2013 Install 855_patch2_io_open.tar.gz\n\n\nTo Block all Sixnet UDR messages over TCP/IP:\n\n * Enable iptables rules to block TCP/IP traffic.\n * In the Sixnet I/O Tool Kit go to Configuration>Configuration Station/Module>\"Ports\" tab>Security.\n * Select the \"Load the this file with each station load\" radio button to load a custom rc.firewall configuration file. The rules below will allow all other traffic except Sixnet UDR over TCP/IP. Please Note: Two rules that are added in by default were removed because they will block all traffic going into the interface.\n\n\nRemove these rules from the default rc.firewall file:\n\n * iptables -P INPUT DROP (Drops everything coming in)\n * iptables -P FORWARD DROP (Drops everything in FORWARD chain)\n\n\nAdd one DROP rule which will drop all TCP/IP packet coming on UDR port 1594 by typing the following commands:\n\n * insmodip_tables (Initialization)\n * insmodiptable_filter (Initialization)\n * insmodip_conntrack (Initialization)\n * insmodiptable_nat (Initialization)\n * iptables -F INPUT (Flushes INPUT chain)\n * iptables -F OUTPUT (Flushes OUTPUT chain)\n * iptables -F FORWARD (Flushes FORWARD chain)\n * iptables -Z (Zero counters)\n * iptables -P OUTPUT ACCEPT (Drops everything coming in, everything in FORWARD chain, and accepts everything going out)\n * iptables -A INPUT -p tcp --dport 1594 -j DROP (Allows local traffic and blocks all TCP traffic coming from 1594)\n\n\nFor installation instructions see Red Lion's support page https://support.redlion.net/hc/en-us/articles/18190385510797-ACCESS-RTU-and-IO-How-to-install-a-patch-or-package-to-the-RTU .\n\nFor more information, please refer to Red Lion\u2019s security bulletin https://support.redlion.net/hc/en-us/articles/19339209248269-RLCSIM-2023-05-Authentication-Bypass-and-Remote-Code-Execution .\n\n\n\n\n"
|
|
}
|
|
],
|
|
"credits": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Nitsan Litov of Claroty Research - Team82 reported these vulnerabilities to CISA."
|
|
}
|
|
],
|
|
"impact": {
|
|
"cvss": [
|
|
{
|
|
"attackComplexity": "LOW",
|
|
"attackVector": "NETWORK",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 10,
|
|
"baseSeverity": "CRITICAL",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"privilegesRequired": "NONE",
|
|
"scope": "CHANGED",
|
|
"userInteraction": "NONE",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
|
|
"version": "3.1"
|
|
}
|
|
]
|
|
}
|
|
} |