First published: Tue Nov 21 2023(Updated: )
Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message is received over TCP/IP the RTU will simply accept the message with no authentication challenge.
|Affected Software||Affected Version||How to fix|
|Redlioncontrols St-ipm-6350 Firmware||=4.9.114|
|Redlioncontrols St-ipm-8460 Firmware||=6.0.202|
|Redlioncontrols Vt-mipm-135-d Firmware||=4.9.114|
|Redlioncontrols Vt-mipm-245-d Firmware||=4.9.114|
|Redlioncontrols Vt-ipm2m-213-d Firmware||=4.9.114|
|Redlioncontrols Vt-ipm2m-113-d Firmware||=4.9.114|
CVE-2023-42770 is a vulnerability that allows an attacker to bypass authentication in Red Lion Controls Sixnet RTU devices using an alternative path or channel.
CVE-2023-42770 affects Red Lion Sixnet and VersaTRAK Series RTUs with authenticated users enabled (UDR-A).
CVE-2023-42770 has a severity rating of critical.
To fix CVE-2023-42770, Red Lion Controls recommends upgrading to the latest firmware version provided in their advisory.
You can find more information about CVE-2023-42770 in the advisory published by CISA and the support article from Red Lion Controls.