Red Lion Controls St-Ipm-6350 vulnerabilities
2 known vulnerabilities affecting red_lion_controls/st-ipm-6350.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
CRITICAL: 2
Vulnerabilities
CVE-2023-40151 | P2 | CRITICAL | CVSS 9.8 | v4.9.114 | 2023-11-21
CVE-2023-40151 [CRITICAL] CWE-749 CVE-2023-40151: When user authentication is not enabled the shell can execute commands with the highest privilege
When user authentication is not enabled, the shell can execute commands with the highest privileges. On Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A), any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message comes over TCP/IP, the RTU will simply accept the message with no authent
Source: NVD
CVE-2023-42770 | P3 | CRITICAL | CVSS 9.8 | v4.9.114 | 2023-11-21
CVE-2023-42770 [CRITICAL] CWE-288 CVE-2023-42770: Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR
On Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A), any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message is received over TCP/IP, the RTU will simply accept the message with no authentication challenge.
Source: NVD