CVE-2023-40151
Published 2023-11-21
Priority: P262 | critical | 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 1.15% (62.9th percentile)
When user authentication is not enabled, the shell can execute commands with the highest privileges. On Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A), any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message comes over TCP/IP, the RTU will simply accept the message with no authentication challenge.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| red_lion_controls | st-ipm-6350 | — | — |
| red_lion_controls | st-ipm-8460 | — | — |
| red_lion_controls | vt-ipm2m-113-d | — | — |
| red_lion_controls | vt-ipm2m-213-d | — | — |
| red_lion_controls | vt-mipm-135-d | — | — |
| red_lion_controls | vt-mipm-245-d | — | — |
| redlioncontrols | st-ipm-6350_firmware | — | — |
| redlioncontrols | st-ipm-8460_firmware | — | — |
| redlioncontrols | vt-ipm2m-113-d_firmware | — | — |
| redlioncontrols | vt-ipm2m-213-d_firmware | — | — |
| redlioncontrols | vt-mipm-135-d_firmware | — | — |
| redlioncontrols | vt-mipm-245-d_firmware | — | — |
Detection & IOCs (extracted from sources)
- Detect unauthenticated Sixnet UDR messages arriving over TCP/IP (port 1594): the RTU accepts these with no authentication challenge, unlike UDP/IP, which enforces authentication. Alert on TCP connections to port 1594 on affected RTU devices.
- Monitor for Sixnet UDR protocol traffic over TCP port 1594 to Red Lion SixTRAK/VersaTRAK RTUs; legitimate deployments should only use UDP/IP for UDR with authentication enabled.
- Alert on shell command execution at highest privilege level on affected RTUs when user authentication is not enabled (CWE-749, Exposed Dangerous Method or Function).
- CVE-2023-40151 affects Red Lion SixTRAK and VersaTRAK RTUs across multiple firmware versions; exploitation is only possible when user authentication is NOT enabled. Ensure UDR-A (authenticated users) mode is active.
- The authentication bypass via TCP/IP (CVE-2023-42770, co-reported in the same advisory) affects devices even when authenticated users ARE enabled (UDR-A), because the TCP path skips the challenge entirely. Both CVEs share the same attack vector and should be remediated together.
- Patch filenames differ by device family: ST-IPm-8460 uses '8313_patch1_tcp_udr_all_blocked.tar.gz', while ST-IPm-6350/VT-mIPm-245-D/VT-mIPm-135-D/VT-IPm2m-213-D/VT-IPm2m-113-D use '855_patch1_tcp_udr_all_blocked.tar.gz'. Applying the wrong patch to the wrong device family may leave the vulnerability unmitigated.
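The TCP/1594 alert and the per-family patch lookup from the notes above, combined in one added example (not code from the advisory or from Red Lion). The flow-record format, the asset inventory and all addresses are constructed assumptions; the port number, model names and patch filenames are the ones listed on this page.

```python
import csv
import io

UDR_PORT = 1594  # Sixnet UDR port named in the detection notes above

# Patch file per device family, as listed on this page.
PATCH_855 = "855_patch1_tcp_udr_all_blocked.tar.gz"
PATCH_BY_MODEL = {
    "ST-IPm-8460": "8313_patch1_tcp_udr_all_blocked.tar.gz",
    "ST-IPm-6350": PATCH_855,
    "VT-mIPm-245-D": PATCH_855,
    "VT-mIPm-135-D": PATCH_855,
    "VT-IPm2m-213-D": PATCH_855,
    "VT-IPm2m-113-D": PATCH_855,
}

# Constructed asset inventory (assumption): RTU address -> model.
INVENTORY = {"10.20.0.11": "ST-IPm-8460", "10.20.0.12": "VT-mIPm-245-D"}

# Constructed flow records (assumed format): ts,proto,src,dst,dport
SAMPLE_FLOWS = """\
2023-11-20T08:00:01Z,udp,10.20.0.5,10.20.0.11,1594
2023-11-20T08:00:07Z,tcp,10.20.0.5,10.20.0.11,1594
2023-11-20T08:01:13Z,tcp,192.0.2.44,10.20.0.12,1594
2023-11-20T08:02:00Z,tcp,10.20.0.5,10.20.0.12,502
2023-11-20T08:02:30Z,tcp,10.20.0.5,10.20.0.99,1594
truncated-line
"""

def find_tcp_udr(flow_text, inventory=INVENTORY):
    """Return one alert dict per TCP flow to port 1594 on an inventoried RTU."""
    alerts = []
    for row in csv.reader(io.StringIO(flow_text)):
        if len(row) != 5 or not row[4].isdigit():
            continue  # skip malformed records instead of failing the run
        ts, proto, src, dst, dport = row
        if proto.lower() != "tcp" or int(dport) != UDR_PORT:
            continue  # UDP UDR is the challenged path; other ports are out of scope
        model = inventory.get(dst)
        if model is None:
            continue  # destination is not an inventoried RTU
        alerts.append({"ts": ts, "src": src, "dst": dst, "model": model,
                       "patch": PATCH_BY_MODEL.get(model, "unknown model")})
    return alerts

if __name__ == "__main__":
    for a in find_tcp_udr(SAMPLE_FLOWS):
        print(f"{a['ts']} TCP/1594 {a['src']} -> {a['dst']} ({a['model']}); patch: {a['patch']}")
```
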
CVSS provenance
- nvd | v3.1 | 9.8 CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- vendor_oracle | 7.5 MEDIUM
CISA ICS
Red Lion Sixnet RTUs
cisa_ics·2023-11-16·CVSS 10.0
[CRITICAL] Red Lion Sixnet RTUs
ICS Advisory
## Red Lion Sixnet RTUs
Release Date: November 16, 2023
Alert Code: ICSA-23-320-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 10.0
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Red Lion
- Equipment: Sixnet RTU
- Vulnerabilities: Authentication Bypass using an Alternative Path or Channel, Exposed Dangerous Method or Function
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to execute commands with high privileges.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following Red Lion products are affected:
- ST-IPm-8460: Firmware 6.0.202 and later
- ST-IPm-6350: Firmware version 4.9.114 and later
- VT-mIPm-135-D: Firmware version 4.9.114 and later
- VT-mIPm-2
Oracle
Oracle Oracle Communications Risk Matrix: Install/Upgrade (XStream) — CVE-2022-40151
vendor_oracle·2023-04-15·CVSS 7.5
CVE-2022-40151 [MEDIUM] Oracle Oracle Communications Risk Matrix: Install/Upgrade (XStream) — CVE-2022-40151
Oracle Oracle Communications Risk Matrix: Install/Upgrade (XStream) vulnerability
CVE: CVE-2022-40151
CVSS: 7.5
Protocol: HTTPS
Remote exploit: Yes
Affected versions: Network
Advisory: cpuapr2023 (APR 2023)
GHSA
GHSA-hxg4-c72j-73rf: When user authentication is not enabled the shell can execute commands with the highest privileges
ghsa_unreviewed·2023-11-21
CVE-2023-40151 [CRITICAL] CWE-749 GHSA-hxg4-c72j-73rf: When user authentication is not enabled the shell can execute commands with the highest privileges
When user authentication is not enabled, the shell can execute commands with the highest privileges. On Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A), any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message comes over TCP/IP, the RTU will simply accept the message with no authentication challenge.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- https://support.redlion.net/hc/en-us/articles/19339209248269-RLCSIM-2023-05-Authentication-Bypass-and-Remote-Code-Execution
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-01

Published: 2023-11-21