CRITICAL🇵🇱 Wersja polska

CVE-2023-40151

CVSS 10.0v3.1pub. 2023-11-21upd. 2024-11-21

When user authentication is not enabled the shell can execute commands with the highest privileges. Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message comes over TCP/IP the RTU will simply accept the message with no authentication challenge.

🤖 AI Analysis
How it works

In a configuration with authenticated users enabled (UDR-A), the device correctly requires authentication for incoming Sixnet UDR messages via UDP/IP. However, the same message sent via TCP/IP is accepted by the RTU without any authentication challenge — this constitutes a bypass of the access control mechanism. Additionally, when user authentication is not enabled at all, the system shell can execute commands with highest privileges. As a result, an attacker remotely, without authentication, gains full access to the device.

Impact

An attacker gains unauthorized, full access to the RTU device, enabling execution of arbitrary commands with highest privileges (RCE), manipulation of industrial processes, and potential disruption or destruction of controlled infrastructure.

Mitigation & patch

Apply patches available from the manufacturer in accordance with references (Red Lion RLCSIM-2023-05 and CISA advisory ICSA-23-320-01). As a temporary measure, restrict access to RTU devices via TCP/IP using firewall or OT network segmentation, and ensure that user authentication is enabled on all devices.

Who is affected

Red Lion SixTRAK and VersaTRAK Series RTU: ST-IPM-6350 (firmware), ST-IPM-8460 (firmware), VT-MIPM-135-D (firmware) — specific versions indicated in manufacturer references

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Redlioncontrols St Ipm 6350

    HW
    Redlioncontrols
    wszystkie wersje
  • Redlioncontrols St Ipm 6350 Firmware

    OS
    Redlioncontrols
    4.9.114
  • Redlioncontrols St Ipm 8460

    HW
    Redlioncontrols
    wszystkie wersje
  • Redlioncontrols St Ipm 8460 Firmware

    OS
    Redlioncontrols
    6.0.202
  • Redlioncontrols Vt Ipm2m 113 D

    HW
    Redlioncontrols
    wszystkie wersje
  • Redlioncontrols Vt Ipm2m 113 D Firmware

    OS
    Redlioncontrols
    4.9.114
  • Redlioncontrols Vt Ipm2m 213 D

    HW
    Redlioncontrols
    wszystkie wersje
  • Redlioncontrols Vt Ipm2m 213 D Firmware

    OS
    Redlioncontrols
    4.9.114
  • Redlioncontrols Vt Mipm 135 D

    HW
    Redlioncontrols
    wszystkie wersje
  • Redlioncontrols Vt Mipm 135 D Firmware

    OS
    Redlioncontrols
    4.9.114
  • Redlioncontrols Vt Mipm 245 D

    HW
    Redlioncontrols
    wszystkie wersje
  • Redlioncontrols Vt Mipm 245 D Firmware

    OS
    Redlioncontrols
    4.9.114
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2023-42770CRITICAL10.0PL ✓ten sam produkt

Authentication Bypass w Red Lion SixTRAK/VersaTRAK RTU przez TCP/IP