CVE Published: 21/11/2023 |
CVE Updated: 02/08/2024 |
CVE Year: 2023 Source: icscert |
Vendor: Red Lion Controls |
Product: ST-IPm-8460 Status : PUBLISHED
CVE-2023-40151 Description
When user authentication is not enabled the shell can execute commands with the highest privileges. Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message comes over TCP/IP the RTU will simply accept the message with no authentication challenge.
Metrics
CVSS Version: 3.1 |
Base Score: 10 CRITICAL Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H