{ "id": "CVE-2023-40151", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-11-21T00:15:06.953", "lastModified": "2023-11-29T17:28:12.413", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "\n\n\nWhen user authentication is not enabled the shell can execute commands with the highest privileges. Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message comes over TCP/IP the RTU will simply accept the message with no authentication challenge.\n\n\n\n" }, { "lang": "es", "value": "Cuando la autenticaci\u00f3n de usuario no est\u00e1 habilitada, el shell puede ejecutar comandos con los privilegios m\u00e1s altos. Red Lion SixTRAK y VersaTRAK Series RTU con usuarios autenticados habilitados (UDR-A), cualquier mensaje Sixnet UDR enfrentar\u00e1 un desaf\u00edo de autenticaci\u00f3n a trav\u00e9s de UDP/IP. Cuando llega el mismo mensaje a trav\u00e9s de TCP/IP, la RTU simplemente aceptar\u00e1 el mensaje sin desaf\u00edo de autenticaci\u00f3n." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" }, "exploitabilityScore": 3.9, "impactScore": 5.9 }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL" }, "exploitabilityScore": 3.9, "impactScore": 6.0 } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ] }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-749" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:redlioncontrols:st-ipm-6350_firmware:4.9.114:*:*:*:*:*:*:*", "matchCriteriaId": "685CF00F-7FEC-4DC9-BBAF-4B83A51ABB53" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:redlioncontrols:st-ipm-6350:-:*:*:*:*:*:*:*", "matchCriteriaId": "FAB3B611-15F5-4921-A8C8-89B0D0A00AA2" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:redlioncontrols:st-ipm-8460_firmware:6.0.202:*:*:*:*:*:*:*", "matchCriteriaId": "491A31DC-903F-467B-815E-0AC7FA349147" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:redlioncontrols:st-ipm-8460:-:*:*:*:*:*:*:*", "matchCriteriaId": "5CAC9FF0-38FA-4C34-8082-C592CB02F0AC" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:redlioncontrols:vt-mipm-135-d_firmware:4.9.114:*:*:*:*:*:*:*", "matchCriteriaId": "618F8D7E-6154-461F-BBCF-A69BFDE5CA5E" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:redlioncontrols:vt-mipm-135-d:-:*:*:*:*:*:*:*", "matchCriteriaId": "6BEFDF88-C073-4336-AD11-7707260A105E" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:redlioncontrols:vt-mipm-245-d_firmware:4.9.114:*:*:*:*:*:*:*", "matchCriteriaId": "2473CC87-6ADB-4159-AA7C-4112C913678C" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:redlioncontrols:vt-mipm-245-d:-:*:*:*:*:*:*:*", "matchCriteriaId": "4E26FEC2-6332-4F68-8FF5-3A941E91A105" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:redlioncontrols:vt-ipm2m-213-d_firmware:4.9.114:*:*:*:*:*:*:*", "matchCriteriaId": "1FF18734-7D47-4DC5-A0C2-4F39298EFF26" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:redlioncontrols:vt-ipm2m-213-d:-:*:*:*:*:*:*:*", "matchCriteriaId": "4C184211-9CF8-499B-B8D4-EBC58134FF6F" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:redlioncontrols:vt-ipm2m-113-d_firmware:4.9.114:*:*:*:*:*:*:*", "matchCriteriaId": "7A231928-AF55-4697-B0A3-C92ECEAF523B" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:redlioncontrols:vt-ipm2m-113-d:-:*:*:*:*:*:*:*", "matchCriteriaId": "D2F4E6FF-1358-4105-AEEC-C7AD34D00EA6" } ] } ] } ], "references": [ { "url": "https://support.redlion.net/hc/en-us/articles/19339209248269-RLCSIM-2023-05-Authentication-Bypass-and-Remote-Code-Execution", "source": "ics-cert@hq.dhs.gov", "tags": [ "Mitigation", "Patch", "Vendor Advisory" ] }, { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-01", "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ] } ] }