CVE-2023-42770
published 2023-11-21

CVE-2023-42770: Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP…

Priority: P356
Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.88% (54.5th percentile)
On Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A), any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message is received over TCP/IP, the RTU will simply accept the message with no authentication challenge.

Affected

12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| red_lion_controls | st-ipm-6350 | | |
| red_lion_controls | st-ipm-8460 | | |
| red_lion_controls | vt-ipm2m-113-d | | |
| red_lion_controls | vt-ipm2m-213-d | | |
| red_lion_controls | vt-mipm-135-d | | |
| red_lion_controls | vt-mipm-245-d | | |
| redlioncontrols | st-ipm-6350_firmware | | |
| redlioncontrols | st-ipm-8460_firmware | | |
| redlioncontrols | vt-ipm2m-113-d_firmware | | |
| redlioncontrols | vt-ipm2m-213-d_firmware | | |
| redlioncontrols | vt-mipm-135-d_firmware | | |
| redlioncontrols | vt-mipm-245-d_firmware | | |