Skip to main content
News Directory 3
  • Business
  • Entertainment
  • Health
  • News
  • Sports
  • Tech
  • World
Menu
  • Business
  • Entertainment
  • Health
  • News
  • Sports
  • Tech
  • World

Red Lion RTU CVSS Bugs: Industrial Control Hack Risk

October 15, 2025 Lisa Park Tech
News Context
At a glance
  • Here's a breakdown of the information from the provided text, focusing on the key details about the security vulnerabilities:
  • * Affected Products: Red Lion SixTRAK and VersaTRAK Remote Terminal Units (RTUs).
  • These vulnerabilities allow a hacker to potentially take complete control of industrial⁢ control systems made by Red⁣ lion.
Original source: thehackernews.com

Here’s a breakdown of the information from the provided text, focusing on the key details about the security vulnerabilities:

Vulnerability Summary:

* Affected Products: Red Lion SixTRAK and VersaTRAK Remote Terminal Units (RTUs). These are used in industrial automation and control systems (energy, water, transportation, manufacturing, etc.).
* Vulnerabilities:

* CVE-2023-42770: Authentication Bypass. The RTU listens for communication on both UDP and TCP ‍ports (1594). It requests authentication ⁣over ⁢UDP, but doesn’t request ‍it over TCP, allowing an attacker to bypass authentication⁢ by sending commands ⁤via TCP.
⁣ * ⁣ CVE-2023-40151: Remote Code Execution (RCE). The Sixnet Worldwide Driver (UDR) allows execution of Linux shell ⁢commands, which can be exploited to run arbitrary code with root (highest) privileges.
* Severity: Both vulnerabilities are rated 10.0 on the CVSS scale (Critical).
* Exploitability: An attacker can chain these vulnerabilities together – bypass authentication (CVE-2023-42770) and then execute code with‍ root privileges (CVE-2023-40151).
* Attack Vector: Unauthenticated attacker (meaning no login credentials are ⁤needed to initiate the attack).
* Communication Protocol: The vulnerabilities relate to the proprietary Sixnet “Universal” protocol and use of UDP and TCP.
* Configuration Tool: The RTUs are configured using a Windows utility called⁣ Sixnet IO Tool‍ Kit.

In simpler terms:

These vulnerabilities allow a hacker to potentially take complete control of industrial⁢ control systems made by Red⁣ lion. They can do this without needing a username or password, and ⁤once inside, they can run any command they want with the highest level of ‍access. This could have⁢ serious consequences for critical infrastructure like power plants, water treatment facilities, and manufacturing operations.

Share this:

  • Share on Facebook (Opens in new window) Facebook
  • Share on X (Opens in new window) X

Related

computer security, cyber attacks, cyber news, cyber security news, cyber security news today, cyber security updates, cyber updates, data breach, hacker news, hacking news, how to hack, information security, Network security, ransomware malware, software vulnerability, the hacker news

Search:

News Directory 3

News Directory 3 catalogs US newspapers, news services, newsstands and digital news outlets across all 50 states. Browse local publishers by city, state, or topic, and follow current headlines linked back to their original sources.

Quick Links

  • Disclaimer
  • Terms and Conditions
  • About Us
  • Advertising Policy
  • Contact Us
  • Cookie Policy
  • Editorial Guidelines
  • Privacy Policy

Browse by State

  • Alabama
  • Alaska
  • Arizona
  • Arkansas
  • California
  • Colorado

© 2026 News Directory 3. All rights reserved.
For contact, advertising, copyright, issues email: office@newsdirectory3.com