All the vulnerabilites related to Red Lion Controls - ST-IPm-8460
cve-2023-42770
Vulnerability from cvelistv5
Published
2023-11-21 00:14
Modified
2024-08-02 19:30
Severity ?
EPSS score ?
Summary
Red Lion Controls Sixnet RTU Authentication Bypass Using An Alternative Path Or Channel
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:30:24.517Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-01" }, { "tags": [ "x_transferred" ], "url": "https://https://support.redlion.net/hc/en-us/articles/19339209248269-RLCSIM-2023-05-Authentication-Bypass-and-Remote-Code-Execution" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "ST-IPm-8460", "vendor": "Red Lion Controls", "versions": [ { "status": "affected", "version": "6.0.202" } ] }, { "defaultStatus": "unaffected", "product": "ST-IPm-6350", "vendor": "Red Lion Controls", "versions": [ { "status": "affected", "version": "4.9.114" } ] }, { "defaultStatus": "unaffected", "product": "VT-mIPm-135-D", "vendor": "Red Lion Controls", "versions": [ { "status": "affected", "version": "4.9.114" } ] }, { "defaultStatus": "unaffected", "product": "VT-mIPm-245-D", "vendor": "Red Lion Controls", "versions": [ { "status": "affected", "version": "4.9.114" } ] }, { "defaultStatus": "unaffected", "product": "VT-IPm2m-213-D", "vendor": "Red Lion Controls", "versions": [ { "status": "affected", "version": "4.9.114" } ] }, { "defaultStatus": "unaffected", "product": "VT-IPm2m-113-D", "vendor": "Red Lion Controls", "versions": [ { "status": "affected", "version": "4.9.114" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Nitsan Litov of Claroty Research - Team82 reported these vulnerabilities to CISA." } ], "datePublic": "2023-11-16T18:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eRed Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message is received over TCP/IP the RTU will simply accept the message with no authentication challenge.\u003c/span\u003e\n\n" } ], "value": "\nRed Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message is received over TCP/IP the RTU will simply accept the message with no authentication challenge.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-288", "description": "CWE-288 Authentication Bypass Using An Alternative Path Or Channel", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-21T00:14:18.734Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-01" }, { "url": "https://https://support.redlion.net/hc/en-us/articles/19339209248269-RLCSIM-2023-05-Authentication-Bypass-and-Remote-Code-Execution" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cp\u003eRed Lion recommends users apply the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.redlion.net/hc/en-us/articles/19338927539981-SixTRAK-and-VersaTRAK-Security-Patch-RLCSIM-2023-05\"\u003elatest patches\u003c/a\u003e\u0026nbsp;to their products.\u003c/p\u003e\u003cp\u003eRed Lion recommends users apply additional mitigations to help reduce the risk:\u003c/p\u003e\u003cul\u003e\u003cli\u003eEnable user authentication, see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.redlion.net/hc/en-us/articles/18190385510797-ACCESS-RTU-and-IO-How-to-install-a-patch-or-package-to-the-RTU\"\u003eRed Lion instructions\u003c/a\u003e.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eBlocking all or most Sixnet UDR messages over TCP/IP will eliminate authentication bypass. Sixnet UDR messages over TCP/IP will be ignored.\u003c/p\u003e\u003cp\u003eTo block all Sixnet UDR messages over TCP/IP install Patch1_tcp_udr_all_blocked.tar.gz.\u003c/p\u003e\u003cul\u003e\u003cli\u003eST-IPm-8460 \u2013 Install 8313_patch1_tcp_udr_all_blocked.tar.gz\u003c/li\u003e\u003cli\u003eST-IPm-6350/VT-mIPm-245-D/VT-mIPm-135-D/VT-IPm2m-213-D/VT-IPm2m-113-D \u2013 Install 855_patch1_tcp_udr_all_blocked.tar.gz\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eTo block all Sixnet UDR messages except I/O commands over TCP/IP and UDP/IP install Patch2_io_open.tar.gz.\u003c/p\u003e\u003cul\u003e\u003cli\u003eST-IPm-8460 \u2013 Install 8313_patch2_io_open.tar.gz\u003c/li\u003e\u003cli\u003eST-IPm-6350/VT-mIPm-245-D/VT-mIPm-135-D/VT-IPm2m-213-D/VT-IPm2m-113-D \u2013 Install 855_patch2_io_open.tar.gz\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eTo Block all Sixnet UDR messages over TCP/IP:\u003c/p\u003e\u003cul\u003e\u003cli\u003eEnable iptables rules to block TCP/IP traffic.\u003c/li\u003e\u003cli\u003eIn the Sixnet I/O Tool Kit go to Configuration\u0026gt;Configuration Station/Module\u0026gt;\"Ports\" tab\u0026gt;Security.\u003c/li\u003e\u003cli\u003eSelect the \"Load the this file with each station load\" radio button to load a custom rc.firewall configuration file. The rules below will allow all other traffic except Sixnet UDR over TCP/IP. Please Note: Two rules that are added in by default were removed because they will block all traffic going into the interface.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eRemove these rules from the default rc.firewall file:\u003c/p\u003e\u003cul\u003e\u003cli\u003eiptables -P INPUT DROP (Drops everything coming in)\u003c/li\u003e\u003cli\u003eiptables -P FORWARD DROP (Drops everything in FORWARD chain)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAdd one DROP rule which will drop all TCP/IP packet coming on UDR port 1594 by typing the following commands:\u003c/p\u003e\u003cul\u003e\u003cli\u003einsmodip_tables (Initialization)\u003c/li\u003e\u003cli\u003einsmodiptable_filter (Initialization)\u003c/li\u003e\u003cli\u003einsmodip_conntrack (Initialization)\u003c/li\u003e\u003cli\u003einsmodiptable_nat (Initialization)\u003c/li\u003e\u003cli\u003eiptables -F INPUT (Flushes INPUT chain)\u003c/li\u003e\u003cli\u003eiptables -F OUTPUT (Flushes OUTPUT chain)\u003c/li\u003e\u003cli\u003eiptables -F FORWARD (Flushes FORWARD chain)\u003c/li\u003e\u003cli\u003eiptables -Z (Zero counters)\u003c/li\u003e\u003cli\u003eiptables -P OUTPUT ACCEPT (Drops everything coming in, everything in FORWARD chain, and accepts everything going out)\u003c/li\u003e\u003cli\u003eiptables -A INPUT -p tcp --dport 1594 -j DROP (Allows local traffic and blocks all TCP traffic coming from 1594)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eFor installation instructions see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.redlion.net/hc/en-us/articles/18190385510797-ACCESS-RTU-and-IO-How-to-install-a-patch-or-package-to-the-RTU\"\u003eRed Lion\u0027s support page\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eFor more information, please refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.redlion.net/hc/en-us/articles/19339209248269-RLCSIM-2023-05-Authentication-Bypass-and-Remote-Code-Execution\"\u003eRed Lion\u2019s security bulletin\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e" } ], "value": "\nRed Lion recommends users apply the latest patches https://support.redlion.net/hc/en-us/articles/19338927539981-SixTRAK-and-VersaTRAK-Security-Patch-RLCSIM-2023-05 \u00a0to their products.\n\nRed Lion recommends users apply additional mitigations to help reduce the risk:\n\n * Enable user authentication, see Red Lion instructions https://support.redlion.net/hc/en-us/articles/18190385510797-ACCESS-RTU-and-IO-How-to-install-a-patch-or-package-to-the-RTU .\n\n\nBlocking all or most Sixnet UDR messages over TCP/IP will eliminate authentication bypass. Sixnet UDR messages over TCP/IP will be ignored.\n\nTo block all Sixnet UDR messages over TCP/IP install Patch1_tcp_udr_all_blocked.tar.gz.\n\n * ST-IPm-8460 \u2013 Install 8313_patch1_tcp_udr_all_blocked.tar.gz\n * ST-IPm-6350/VT-mIPm-245-D/VT-mIPm-135-D/VT-IPm2m-213-D/VT-IPm2m-113-D \u2013 Install 855_patch1_tcp_udr_all_blocked.tar.gz\n\n\nTo block all Sixnet UDR messages except I/O commands over TCP/IP and UDP/IP install Patch2_io_open.tar.gz.\n\n * ST-IPm-8460 \u2013 Install 8313_patch2_io_open.tar.gz\n * ST-IPm-6350/VT-mIPm-245-D/VT-mIPm-135-D/VT-IPm2m-213-D/VT-IPm2m-113-D \u2013 Install 855_patch2_io_open.tar.gz\n\n\nTo Block all Sixnet UDR messages over TCP/IP:\n\n * Enable iptables rules to block TCP/IP traffic.\n * In the Sixnet I/O Tool Kit go to Configuration\u003eConfiguration Station/Module\u003e\"Ports\" tab\u003eSecurity.\n * Select the \"Load the this file with each station load\" radio button to load a custom rc.firewall configuration file. The rules below will allow all other traffic except Sixnet UDR over TCP/IP. Please Note: Two rules that are added in by default were removed because they will block all traffic going into the interface.\n\n\nRemove these rules from the default rc.firewall file:\n\n * iptables -P INPUT DROP (Drops everything coming in)\n * iptables -P FORWARD DROP (Drops everything in FORWARD chain)\n\n\nAdd one DROP rule which will drop all TCP/IP packet coming on UDR port 1594 by typing the following commands:\n\n * insmodip_tables (Initialization)\n * insmodiptable_filter (Initialization)\n * insmodip_conntrack (Initialization)\n * insmodiptable_nat (Initialization)\n * iptables -F INPUT (Flushes INPUT chain)\n * iptables -F OUTPUT (Flushes OUTPUT chain)\n * iptables -F FORWARD (Flushes FORWARD chain)\n * iptables -Z (Zero counters)\n * iptables -P OUTPUT ACCEPT (Drops everything coming in, everything in FORWARD chain, and accepts everything going out)\n * iptables -A INPUT -p tcp --dport 1594 -j DROP (Allows local traffic and blocks all TCP traffic coming from 1594)\n\n\nFor installation instructions see Red Lion\u0027s support page https://support.redlion.net/hc/en-us/articles/18190385510797-ACCESS-RTU-and-IO-How-to-install-a-patch-or-package-to-the-RTU .\n\nFor more information, please refer to Red Lion\u2019s security bulletin https://support.redlion.net/hc/en-us/articles/19339209248269-RLCSIM-2023-05-Authentication-Bypass-and-Remote-Code-Execution .\n\n\n\n\n" } ], "source": { "advisory": "ICSA-23-320-01", "discovery": "EXTERNAL" }, "title": "Red Lion Controls Sixnet RTU Authentication Bypass Using An Alternative Path Or Channel", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2023-42770", "datePublished": "2023-11-21T00:14:18.734Z", "dateReserved": "2023-09-18T22:41:48.077Z", "dateUpdated": "2024-08-02T19:30:24.517Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-40151
Vulnerability from cvelistv5
Published
2023-11-21 00:11
Modified
2024-08-02 18:24
Severity ?
EPSS score ?
Summary
Red Lion Controls Sixnet RTU Exposed Dangerous Method Or Function
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:24:55.459Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-01" }, { "tags": [ "x_transferred" ], "url": "https://support.redlion.net/hc/en-us/articles/19339209248269-RLCSIM-2023-05-Authentication-Bypass-and-Remote-Code-Execution" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "ST-IPm-8460", "vendor": "Red Lion Controls", "versions": [ { "status": "affected", "version": "6.0.202" } ] }, { "defaultStatus": "unaffected", "product": "ST-IPm-6350", "vendor": "Red Lion Controls", "versions": [ { "status": "affected", "version": "4.9.114" } ] }, { "defaultStatus": "unaffected", "product": "VT-mIPm-135-D", "vendor": "Red Lion Controls", "versions": [ { "status": "affected", "version": "4.9.114" } ] }, { "defaultStatus": "unaffected", "product": "VT-mIPm-245-D", "vendor": "Red Lion Controls", "versions": [ { "status": "affected", "version": "4.9.114" } ] }, { "defaultStatus": "unaffected", "product": "VT-IPm2m-213-D", "vendor": "Red Lion Controls", "versions": [ { "status": "affected", "version": "4.9.114" } ] }, { "defaultStatus": "unaffected", "product": "VT-IPm2m-113-D", "vendor": "Red Lion Controls", "versions": [ { "status": "affected", "version": "4.9.114" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Nitsan Litov of Claroty Research - Team82 reported these vulnerabilities to CISA." } ], "datePublic": "2023-11-16T18:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen user authentication is not enabled the shell can execute commands with the highest privileges. Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message comes over TCP/IP the RTU will simply accept the message with no authentication challenge.\u003c/span\u003e\n\n\u003c/span\u003e\n\n" } ], "value": "\n\n\nWhen user authentication is not enabled the shell can execute commands with the highest privileges. Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message comes over TCP/IP the RTU will simply accept the message with no authentication challenge.\n\n\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-749", "description": "CWE-749 Exposed Dangerous Method Or Function", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-21T00:11:10.081Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-01" }, { "url": "https://support.redlion.net/hc/en-us/articles/19339209248269-RLCSIM-2023-05-Authentication-Bypass-and-Remote-Code-Execution" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cp\u003eRed Lion recommends users apply the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.redlion.net/hc/en-us/articles/19338927539981-SixTRAK-and-VersaTRAK-Security-Patch-RLCSIM-2023-05\"\u003elatest patches\u003c/a\u003e\u0026nbsp;to their products.\u003c/p\u003e\u003cp\u003eRed Lion recommends users apply additional mitigations to help reduce the risk:\u003c/p\u003e\u003cul\u003e\u003cli\u003eEnable user authentication, see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.redlion.net/hc/en-us/articles/18190385510797-ACCESS-RTU-and-IO-How-to-install-a-patch-or-package-to-the-RTU\"\u003eRed Lion instructions\u003c/a\u003e.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eBlocking all or most Sixnet UDR messages over TCP/IP will eliminate authentication bypass. Sixnet UDR messages over TCP/IP will be ignored.\u003c/p\u003e\u003cp\u003eTo block all Sixnet UDR messages over TCP/IP install Patch1_tcp_udr_all_blocked.tar.gz.\u003c/p\u003e\u003cul\u003e\u003cli\u003eST-IPm-8460 \u2013 Install 8313_patch1_tcp_udr_all_blocked.tar.gz\u003c/li\u003e\u003cli\u003eST-IPm-6350/VT-mIPm-245-D/VT-mIPm-135-D/VT-IPm2m-213-D/VT-IPm2m-113-D \u2013 Install 855_patch1_tcp_udr_all_blocked.tar.gz\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eTo block all Sixnet UDR messages except I/O commands over TCP/IP and UDP/IP install Patch2_io_open.tar.gz.\u003c/p\u003e\u003cul\u003e\u003cli\u003eST-IPm-8460 \u2013 Install 8313_patch2_io_open.tar.gz\u003c/li\u003e\u003cli\u003eST-IPm-6350/VT-mIPm-245-D/VT-mIPm-135-D/VT-IPm2m-213-D/VT-IPm2m-113-D \u2013 Install 855_patch2_io_open.tar.gz\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eTo Block all Sixnet UDR messages over TCP/IP:\u003c/p\u003e\u003cul\u003e\u003cli\u003eEnable iptables rules to block TCP/IP traffic.\u003c/li\u003e\u003cli\u003eIn the Sixnet I/O Tool Kit go to Configuration\u0026gt;Configuration Station/Module\u0026gt;\"Ports\" tab\u0026gt;Security.\u003c/li\u003e\u003cli\u003eSelect the \"Load the this file with each station load\" radio button to load a custom rc.firewall configuration file. The rules below will allow all other traffic except Sixnet UDR over TCP/IP. Please Note: Two rules that are added in by default were removed because they will block all traffic going into the interface.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eRemove these rules from the default rc.firewall file:\u003c/p\u003e\u003cul\u003e\u003cli\u003eiptables -P INPUT DROP (Drops everything coming in)\u003c/li\u003e\u003cli\u003eiptables -P FORWARD DROP (Drops everything in FORWARD chain)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAdd one DROP rule which will drop all TCP/IP packet coming on UDR port 1594 by typing the following commands:\u003c/p\u003e\u003cul\u003e\u003cli\u003einsmodip_tables (Initialization)\u003c/li\u003e\u003cli\u003einsmodiptable_filter (Initialization)\u003c/li\u003e\u003cli\u003einsmodip_conntrack (Initialization)\u003c/li\u003e\u003cli\u003einsmodiptable_nat (Initialization)\u003c/li\u003e\u003cli\u003eiptables -F INPUT (Flushes INPUT chain)\u003c/li\u003e\u003cli\u003eiptables -F OUTPUT (Flushes OUTPUT chain)\u003c/li\u003e\u003cli\u003eiptables -F FORWARD (Flushes FORWARD chain)\u003c/li\u003e\u003cli\u003eiptables -Z (Zero counters)\u003c/li\u003e\u003cli\u003eiptables -P OUTPUT ACCEPT (Drops everything coming in, everything in FORWARD chain, and accepts everything going out)\u003c/li\u003e\u003cli\u003eiptables -A INPUT -p tcp --dport 1594 -j DROP (Allows local traffic and blocks all TCP traffic coming from 1594)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eFor installation instructions see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.redlion.net/hc/en-us/articles/18190385510797-ACCESS-RTU-and-IO-How-to-install-a-patch-or-package-to-the-RTU\"\u003eRed Lion\u0027s support page\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eFor more information, please refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.redlion.net/hc/en-us/articles/19339209248269-RLCSIM-2023-05-Authentication-Bypass-and-Remote-Code-Execution\"\u003eRed Lion\u2019s security bulletin\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e" } ], "value": "\nRed Lion recommends users apply the latest patches https://support.redlion.net/hc/en-us/articles/19338927539981-SixTRAK-and-VersaTRAK-Security-Patch-RLCSIM-2023-05 \u00a0to their products.\n\nRed Lion recommends users apply additional mitigations to help reduce the risk:\n\n * Enable user authentication, see Red Lion instructions https://support.redlion.net/hc/en-us/articles/18190385510797-ACCESS-RTU-and-IO-How-to-install-a-patch-or-package-to-the-RTU .\n\n\nBlocking all or most Sixnet UDR messages over TCP/IP will eliminate authentication bypass. Sixnet UDR messages over TCP/IP will be ignored.\n\nTo block all Sixnet UDR messages over TCP/IP install Patch1_tcp_udr_all_blocked.tar.gz.\n\n * ST-IPm-8460 \u2013 Install 8313_patch1_tcp_udr_all_blocked.tar.gz\n * ST-IPm-6350/VT-mIPm-245-D/VT-mIPm-135-D/VT-IPm2m-213-D/VT-IPm2m-113-D \u2013 Install 855_patch1_tcp_udr_all_blocked.tar.gz\n\n\nTo block all Sixnet UDR messages except I/O commands over TCP/IP and UDP/IP install Patch2_io_open.tar.gz.\n\n * ST-IPm-8460 \u2013 Install 8313_patch2_io_open.tar.gz\n * ST-IPm-6350/VT-mIPm-245-D/VT-mIPm-135-D/VT-IPm2m-213-D/VT-IPm2m-113-D \u2013 Install 855_patch2_io_open.tar.gz\n\n\nTo Block all Sixnet UDR messages over TCP/IP:\n\n * Enable iptables rules to block TCP/IP traffic.\n * In the Sixnet I/O Tool Kit go to Configuration\u003eConfiguration Station/Module\u003e\"Ports\" tab\u003eSecurity.\n * Select the \"Load the this file with each station load\" radio button to load a custom rc.firewall configuration file. The rules below will allow all other traffic except Sixnet UDR over TCP/IP. Please Note: Two rules that are added in by default were removed because they will block all traffic going into the interface.\n\n\nRemove these rules from the default rc.firewall file:\n\n * iptables -P INPUT DROP (Drops everything coming in)\n * iptables -P FORWARD DROP (Drops everything in FORWARD chain)\n\n\nAdd one DROP rule which will drop all TCP/IP packet coming on UDR port 1594 by typing the following commands:\n\n * insmodip_tables (Initialization)\n * insmodiptable_filter (Initialization)\n * insmodip_conntrack (Initialization)\n * insmodiptable_nat (Initialization)\n * iptables -F INPUT (Flushes INPUT chain)\n * iptables -F OUTPUT (Flushes OUTPUT chain)\n * iptables -F FORWARD (Flushes FORWARD chain)\n * iptables -Z (Zero counters)\n * iptables -P OUTPUT ACCEPT (Drops everything coming in, everything in FORWARD chain, and accepts everything going out)\n * iptables -A INPUT -p tcp --dport 1594 -j DROP (Allows local traffic and blocks all TCP traffic coming from 1594)\n\n\nFor installation instructions see Red Lion\u0027s support page https://support.redlion.net/hc/en-us/articles/18190385510797-ACCESS-RTU-and-IO-How-to-install-a-patch-or-package-to-the-RTU .\n\nFor more information, please refer to Red Lion\u2019s security bulletin https://support.redlion.net/hc/en-us/articles/19339209248269-RLCSIM-2023-05-Authentication-Bypass-and-Remote-Code-Execution .\n\n\n\n\n" } ], "source": { "advisory": "ICSA-23-320-01", "discovery": "EXTERNAL" }, "title": "Red Lion Controls Sixnet RTU Exposed Dangerous Method Or Function", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2023-40151", "datePublished": "2023-11-21T00:11:10.081Z", "dateReserved": "2023-09-18T22:41:48.086Z", "dateUpdated": "2024-08-02T18:24:55.459Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }