VYPR
High severity · 7.5 · NVD Advisory · Published Jan 6, 2021 · Updated Jun 2, 2026

CVE-2020-27279

Description

A NULL pointer dereference in Red Lion Crimson 3.1 protocol converter allows remote attackers to cause a device reboot via a specially crafted packet.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

A NULL pointer dereference vulnerability (CWE-476) exists in the protocol converter component of Red Lion Crimson 3.1, specifically in build versions prior to 3119.001 [1]. The issue is triggered when the device receives a specially crafted network packet, causing the affected code to dereference a NULL pointer. No special configuration or conditions are required to reach the vulnerable code path beyond having an affected version installed on the DA10D Protocol Converter [1].

Exploitation

An attacker can exploit this vulnerability remotely over the network, without authentication, and with a low skill level [1]. The attacker simply sends a malicious network packet to the affected device; no user interaction or prior access is needed. The attack complexity is low, meaning the crafted packet can be sent with basic networking tools [1].

Impact

Successful exploitation results in a denial-of-service condition: the device reboots immediately upon receiving the malformed packet [1]. The availability impact is high, while there is no impact on confidentiality or integrity. The CVSS v3 base score is 7.5 (vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) [1]. Repeated attacks could cause persistent disruption of operations.

Mitigation

Red Lion has released Crimson 3.1 build version 3119.001, which addresses this vulnerability [1]. Users are advised to update to this version or later. CISA recommends that asset owners evaluate the risk and apply the update as soon as possible. No workarounds are mentioned in the available references; the device should not be exposed to untrusted networks if patching is delayed [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

1
