Red Lion RTU CVSS Bugs: Industrial Control Hack Risk

Here’s a breakdown of the information from the provided text, focusing on the key details about the security vulnerabilities:

Vulnerability Summary:

* Affected Products: Red Lion SixTRAK and VersaTRAK Remote Terminal Units (RTUs). These are used in industrial ​automation and‌ control systems (energy, water, transportation, manufacturing, etc.).
* Vulnerabilities:

​ * ​ CVE-2023-42770: Authentication Bypass. The RTU listens for communication on both​ UDP and TCP ‍ports (1594). It requests authentication ⁣over ⁢UDP, but doesn’t request ‍it over TCP, allowing an attacker to bypass authentication⁢ by sending commands ⁤via TCP.
⁣ * ⁣ CVE-2023-40151: Remote Code Execution (RCE). The Sixnet Worldwide Driver (UDR) allows execution of Linux shell ⁢commands, which can be exploited ‌to run arbitrary code with root (highest) privileges.
* Severity: Both vulnerabilities are rated 10.0 on the CVSS scale (Critical).
* Exploitability: An attacker can chain these vulnerabilities together – bypass authentication (CVE-2023-42770) and then execute code with‍ root privileges (CVE-2023-40151).
* Attack Vector: Unauthenticated attacker (meaning no login credentials are ⁤needed to initiate the attack).
* ‌ Communication ‌Protocol: The vulnerabilities relate to the proprietary Sixnet “Universal” protocol and use of UDP and TCP.
* ‌ Configuration Tool: The RTUs are configured using a Windows utility called⁣ Sixnet IO Tool‍ Kit.

In simpler terms:

These vulnerabilities allow a hacker to potentially take complete control of industrial⁢ control systems made by Red⁣ lion. They ​can do this without needing ‌a username or password, and ⁤once inside, they can run any command they want with the highest level of ‍access. This could have⁢ serious consequences for critical infrastructure like power plants, water treatment facilities, and manufacturing operations.