VYPR
Vendor: Red Lion Controls

Products: 9 | CVEs: 11 | Across products: 15 | Status: Private

Recent CVEs (11)

  • CVE-2016-9335 | Critical | May 9, 2018
    risk 0.65 | cvss 10.0 | epss 0.02

    A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride-Managed Ethernet Switches running firmware Version 5.0.190. Vulnerable versions of Stride-Managed Ethernet switches and…

  • CVE-2016-4521 | Critical | May 31, 2016
    risk 0.64 | cvss 9.8 | epss 0.02

    Sixnet BT-5xxx and BT-6xxx M2M devices before 3.8.21 and 3.9.x before 3.9.8 have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors.

  • CVE-2017-14855 | High | Dec 30, 2017
    risk 0.56 | cvss 8.6 | epss 0.01

    Red Lion HMI panels allow remote attackers to cause a denial of service (software exception) via an HTTP POST request to a long URI that does not exist, as demonstrated by version HMI 2.41 PLC 2.42.

  • CVE-2019-10996 | High | Sep 23, 2019
    risk 0.51 | cvss 7.8 | epss 0.01

    Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that can reference memory after it has been freed.

  • CVE-2019-10984 | High | Sep 23, 2019
    risk 0.51 | cvss 7.8 | epss 0.01

    Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that causes the program to mishandle pointers.

  • CVE-2019-10978 | High | Sep 23, 2019
    risk 0.51 | cvss 7.8 | epss 0.01

    Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that operates outside of the designated memory area.

  • CVE-2019-10990 | Medium | Sep 23, 2019
    risk 0.42 | cvss 6.5 | epss 0.01

    Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to access configuration files.

  • CVE-2023-42770 | Nov 21, 2023
    risk 0.00 | cvss (none listed) | epss 0.01

    On Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A), any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message is received over TCP/IP, the RTU will simply accept the message with no authentication challenge.

  • CVE-2023-40151 | Nov 21, 2023
    risk 0.00 | cvss (none listed) | epss 0.01

    When user authentication is not enabled, the shell can execute commands with the highest privileges. On Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A), any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same…

  • CVE-2023-5719 | Nov 6, 2023
    risk 0.00 | cvss (none listed) | epss 0.01

    The Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent (%) character, invalid values will be included,…

  • CVE-2022-3090 | Nov 17, 2022
    risk 0.00 | cvss (none listed) | epss 0.01

    Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 versions 3126.001 and prior, and Crimson 3.2 versions 3.2.0044.0 and prior are vulnerable to path traversal. When attempting to open a file using a specific path, the user's password hash is sent to an…