CVE-2023-42770: Red Lion Controls Sixnet RTU Authentication Bypass Using An Alternative Path Or Channel
First published: Tue Nov 21 2023(Updated: )
Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message is received over TCP/IP the RTU will simply accept the message with no authentication challenge.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redlioncontrols St-ipm-6350 Firmware | =4.9.114 | |
| Redlioncontrols St-ipm-6350 | ||
| Redlioncontrols St-ipm-8460 Firmware | =6.0.202 | |
| Redlioncontrols St-ipm-8460 | ||
| Redlioncontrols Vt-mipm-135-d Firmware | =4.9.114 | |
| Redlioncontrols Vt-mipm-135-d | ||
| Redlioncontrols Vt-mipm-245-d Firmware | =4.9.114 | |
| Redlioncontrols Vt-mipm-245-d | ||
| Redlioncontrols Vt-ipm2m-213-d Firmware | =4.9.114 | |
| Redlioncontrols Vt-ipm2m-213-d | ||
| Redlioncontrols Vt-ipm2m-113-d Firmware | =4.9.114 | |
| Redlioncontrols Vt-ipm2m-113-d |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-42770?
CVE-2023-42770 is a vulnerability that allows an attacker to bypass authentication in Red Lion Controls Sixnet RTU devices using an alternative path or channel.
How does CVE-2023-42770 affect Red Lion Sixnet and VersaTRAK Series RTUs?
CVE-2023-42770 affects Red Lion Sixnet and VersaTRAK Series RTUs with authenticated users enabled (UDR-A).
What is the severity of CVE-2023-42770?
CVE-2023-42770 has a severity rating of critical.
How can I fix CVE-2023-42770?
To fix CVE-2023-42770, Red Lion Controls recommends upgrading to the latest firmware version provided in their advisory.
Where can I find more information about CVE-2023-42770?
You can find more information about CVE-2023-42770 in the advisory published by CISA and the support article from Red Lion Controls.
- collector/mitre-cve
- collector/nvd-api
- vendor/redlioncontrols
- product/st-ipm-6350 firmware
- canonical/redlioncontrols st-ipm-6350 firmware
- product/st-ipm-6350
- canonical/redlioncontrols st-ipm-6350
- product/st-ipm-8460 firmware
- canonical/redlioncontrols st-ipm-8460 firmware
- product/st-ipm-8460
- canonical/redlioncontrols st-ipm-8460
- product/vt-mipm-135-d firmware
- canonical/redlioncontrols vt-mipm-135-d firmware
- product/vt-mipm-135-d
- canonical/redlioncontrols vt-mipm-135-d
- product/vt-mipm-245-d firmware
- canonical/redlioncontrols vt-mipm-245-d firmware
- product/vt-mipm-245-d
- canonical/redlioncontrols vt-mipm-245-d
- product/vt-ipm2m-213-d firmware
- canonical/redlioncontrols vt-ipm2m-213-d firmware
- product/vt-ipm2m-213-d
- canonical/redlioncontrols vt-ipm2m-213-d
- product/vt-ipm2m-113-d firmware
- canonical/redlioncontrols vt-ipm2m-113-d firmware
- product/vt-ipm2m-113-d
- canonical/redlioncontrols vt-ipm2m-113-d