First published: Wed May 09 2018
A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride-Managed Ethernet Switches running firmware Version 5.0.190. Vulnerable versions of Stride-Managed Ethernet switches and Sixnet-Managed Industrial switches use hard-coded HTTP SSL/SSH keys for secure communication. Because these keys cannot be regenerated by users, all products use the same key. An attacker could disrupt communication or compromise the system. CVSS v3 base score: 10, CVSS vector string: (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Red Lion Controls recommends updating to SLX firmware Version 5.3.174.
Credit: ics-cert@hq.dhs.gov
Affected Software | Affected Version | How to fix |
---|---|---|
Redlion Sixnet-managed Industrial Switches Firmware | <=5.0.196 | |
Redlion Sixnet-managed Industrial Switches | | |
Redlion Stride-managed Ethernet Switches Firmware | <=5.0.190 | |
Redlion Stride-managed Ethernet Switches | | |
The vulnerability ID for this issue is CVE-2016-9335.
The severity of CVE-2016-9335 is critical.
Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride-Managed Ethernet Switches running firmware Version 5.0.190 are affected by CVE-2016-9335.
To fix CVE-2016-9335, update the firmware of the affected Red Lion Controls Sixnet-Managed Industrial Switches and Stride-Managed Ethernet Switches to a version that is not vulnerable.
You can find more information about CVE-2016-9335 at the following URL: https://ics-cert.us-cert.gov/advisories/ICSA-17-054-02
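An added example, not from the advisory or from Red Lion: a fleet audit that flags devices at or below the affected firmware versions listed on this page and groups devices that present the same SSH host key fingerprint, which is how a shared hard-coded key shows up in an inventory. The inventory record format, hostnames and key blobs are constructed assumptions.

```python
import base64
import hashlib
from collections import defaultdict

# Affected ceilings as listed on this page (product family -> highest affected firmware).
AFFECTED_MAX = {"sixnet": (5, 0, 196), "stride": (5, 0, 190)}

def parse_version(text):
    """'5.0.196' -> (5, 0, 196) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.strip().split("."))

def ssh_fingerprint(key_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def audit(inventory):
    """Return (hosts on affected firmware, {fingerprint: hosts} for keys seen on >1 host)."""
    affected, by_key = [], defaultdict(list)
    for dev in inventory:
        ceiling = AFFECTED_MAX.get(dev["family"].lower())
        if ceiling and parse_version(dev["firmware"]) <= ceiling:
            affected.append(dev["host"])
        by_key[ssh_fingerprint(dev["hostkey_b64"])].append(dev["host"])
    shared = {fp: sorted(hosts) for fp, hosts in by_key.items() if len(hosts) > 1}
    return sorted(affected), shared

# Constructed inventory: hostnames and key blobs are placeholders, not real device keys.
_SHARED = base64.b64encode(b"constructed-shared-key-blob").decode()
_UNIQUE = base64.b64encode(b"constructed-unique-key-blob").decode()
SAMPLE = [
    {"host": "sw-a", "family": "Sixnet", "firmware": "5.0.196", "hostkey_b64": _SHARED},
    {"host": "sw-b", "family": "Stride", "firmware": "5.0.190", "hostkey_b64": _SHARED},
    {"host": "sw-c", "family": "Stride", "firmware": "5.3.174", "hostkey_b64": _UNIQUE},
    {"host": "sw-d", "family": "Sixnet", "firmware": "5.0.9", "hostkey_b64": _SHARED},
]

if __name__ == "__main__":
    affected, shared = audit(SAMPLE)
    print("affected firmware:", affected)
    for fp, hosts in shared.items():
        print("shared host key", fp, "->", hosts)
```

A host key fingerprint that appears on more than one device is worth investigating even when the reported firmware version looks current, since the version string alone does not show whether the key material was replaced.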