CRITICAL🇵🇱 Wersja polska

CVE-2023-42770

CVSS 10.0v3.1pub. 2023-11-21upd. 2024-11-21

Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message is received over TCP/IP the RTU will simply accept the message with no authentication challenge.

🤖 AI Analysis
How it works

When the user authentication option (UDR-A) is enabled on the device, Sixnet UDR protocol messages transmitted via UDP/IP are correctly verified and require authentication. However, the same message sent via TCP/IP is accepted by the RTU without any authentication challenge. An attacker can therefore bypass the authentication mechanism by choosing only TCP/IP transport instead of UDP/IP. This results in full unauthorized access to the device from the network level.

Impact

An unauthorized attacker can remotely, without any credentials, gain full control over the RTU device, including modifying configuration, affecting industrial processes, and potentially executing remote code (RCE) on the device.

Mitigation & patch

Patches available from the manufacturer should be applied according to references. Detailed information is available in the Red Lion security bulletin RLCSIM-2023-05 and in the CISA ICS Advisory ICSA-23-320-01 guide. Additionally, it is recommended to segment the industrial network and restrict access to TCP ports of RTU devices only to trusted hosts.

Who is affected

Red Lion SixTRAK and VersaTRAK Series RTU: ST-IPM-6350 Firmware, ST-IPM-6350, ST-IPM-8460 Firmware, ST-IPM-8460, VT-MIPM-135-D Firmware — with user authentication option (UDR-A) enabled. Exact firmware versions indicated in the manufacturer's references.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Redlioncontrols St Ipm 6350

    HW
    Redlioncontrols
    wszystkie wersje
  • Redlioncontrols St Ipm 6350 Firmware

    OS
    Redlioncontrols
    4.9.114
  • Redlioncontrols St Ipm 8460

    HW
    Redlioncontrols
    wszystkie wersje
  • Redlioncontrols St Ipm 8460 Firmware

    OS
    Redlioncontrols
    6.0.202
  • Redlioncontrols Vt Ipm2m 113 D

    HW
    Redlioncontrols
    wszystkie wersje
  • Redlioncontrols Vt Ipm2m 113 D Firmware

    OS
    Redlioncontrols
    4.9.114
  • Redlioncontrols Vt Ipm2m 213 D

    HW
    Redlioncontrols
    wszystkie wersje
  • Redlioncontrols Vt Ipm2m 213 D Firmware

    OS
    Redlioncontrols
    4.9.114
  • Redlioncontrols Vt Mipm 135 D

    HW
    Redlioncontrols
    wszystkie wersje
  • Redlioncontrols Vt Mipm 135 D Firmware

    OS
    Redlioncontrols
    4.9.114
  • Redlioncontrols Vt Mipm 245 D

    HW
    Redlioncontrols
    wszystkie wersje
  • Redlioncontrols Vt Mipm 245 D Firmware

    OS
    Redlioncontrols
    4.9.114
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2023-40151CRITICAL10.0PL ✓ten sam produkt

Pominięcie uwierzytelnienia przez TCP/IP w Red Lion SixTRAK/VersaTRAK RTU