CVE-2023-40151
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
21/11/2023
Last modified:
29/11/2023
Description
<br />
<br />
<br />
When user authentication is not enabled the shell can execute commands with the highest privileges. Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message comes over TCP/IP the RTU will simply accept the message with no authentication challenge.<br />
<br />
<br />
<br />
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:redlioncontrols:st-ipm-6350_firmware:4.9.114:*:*:*:*:*:*:* | ||
| cpe:2.3:h:redlioncontrols:st-ipm-6350:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redlioncontrols:st-ipm-8460_firmware:6.0.202:*:*:*:*:*:*:* | ||
| cpe:2.3:h:redlioncontrols:st-ipm-8460:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redlioncontrols:vt-mipm-135-d_firmware:4.9.114:*:*:*:*:*:*:* | ||
| cpe:2.3:h:redlioncontrols:vt-mipm-135-d:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redlioncontrols:vt-mipm-245-d_firmware:4.9.114:*:*:*:*:*:*:* | ||
| cpe:2.3:h:redlioncontrols:vt-mipm-245-d:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redlioncontrols:vt-ipm2m-213-d_firmware:4.9.114:*:*:*:*:*:*:* | ||
| cpe:2.3:h:redlioncontrols:vt-ipm2m-213-d:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redlioncontrols:vt-ipm2m-113-d_firmware:4.9.114:*:*:*:*:*:*:* | ||
| cpe:2.3:h:redlioncontrols:vt-ipm2m-113-d:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page