27 vulnerabilities found for crimson by redlion
FKIE_CVE-2023-5719
Vulnerability from fkie_nvd - Published: 2023-11-06 20:15 - Updated: 2024-11-21 08:42
Severity
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent (%) character, invalid values will be included, potentially truncating the string if a NUL is encountered. If the simplified password is not detected by the administrator, the device might be left in a vulnerable state as a result of more-easily compromised credentials. Note that passwords entered via the Crimson system web server do not suffer from this vulnerability.
References
| Source | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://support.redlion.net/hc/en-us/categories/360002087671-Security-Advisories | Vendor Advisory | |
| ics-cert@hq.dhs.gov | https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.redlion.net/hc/en-us/categories/360002087671-Security-Advisories | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-01 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redlion | crimson | * | |
| redlion | crimson | 3.2 | |
| redlion | crimson | 3.2 | |
| redlion | crimson | 3.2 | |
| redlion | crimson | 3.2 | |
| redlion | crimson | 3.2 | |
| redlion | crimson | 3.2 | |
| redlion | crimson | 3.2 | |
| redlion | crimson | 3.2 | |
| redlion | crimson | 3.2 | |
| redlion | crimson | 3.2 | |
| redlion | crimson | 3.2 | |
| redlion | crimson | 3.2 | |
| redlion | crimson | 3.2 | |
| redlion | crimson | 3.2 | |
| redlion | crimson | 3.2 | |
| redlion | crimson | 3.2 | |
| redlion | crimson | 3.2 | |
| redlion | crimson | 3.2 | |
| redlion | crimson | 3.2 | |
| redlion | crimson | 3.2 | |
| redlion | crimson | 3.2 | |
| redlion | da50a | - | |
| redlion | da70a | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redlion:crimson:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4295D087-6FAF-4443-AC03-5D2DF83AE38E",
"versionEndExcluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0008.0:*:*:*:*:*:*",
"matchCriteriaId": "2462AB8D-13B5-434F-B53F-AC43952C59D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0014.0:*:*:*:*:*:*",
"matchCriteriaId": "7AEFD4D3-3A5E-4A97-8F8A-00A802EC046E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0015.0:*:*:*:*:*:*",
"matchCriteriaId": "4FC7C595-57E9-46BE-A507-7155310F5BB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0016.0:*:*:*:*:*:*",
"matchCriteriaId": "3EFBC0AE-1BDC-4159-8FA2-4626E1A02F17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0020.0:*:*:*:*:*:*",
"matchCriteriaId": "1F6BEB68-BB83-488F-BAD1-674FDA11B7EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0021.0:*:*:*:*:*:*",
"matchCriteriaId": "8C0B5D43-45BD-4A85-808F-8A0B9818F83A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0025.0:*:*:*:*:*:*",
"matchCriteriaId": "7202BC35-500E-4DD5-BD65-5E5F849AB97D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0026.0:*:*:*:*:*:*",
"matchCriteriaId": "EEE9C0C7-23DC-406E-B89C-CE7C66E4BBEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0030.0:*:*:*:*:*:*",
"matchCriteriaId": "83A2D6CA-1BB5-4096-921B-4A722A97AA7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0031.0:*:*:*:*:*:*",
"matchCriteriaId": "9254CF9B-4421-4808-873E-0D0C568FFC06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0035.0:*:*:*:*:*:*",
"matchCriteriaId": "5FA689AC-FDFB-493F-86F0-5C8252B1DB2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0036.0:*:*:*:*:*:*",
"matchCriteriaId": "AB9216B2-FA80-4B8E-B3E7-F1CA85534F2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0040.0:*:*:*:*:*:*",
"matchCriteriaId": "89B84594-35D4-40AA-9E66-53D4F586F3F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0041.0:*:*:*:*:*:*",
"matchCriteriaId": "85C30545-0932-4F9C-984E-FAAA464D3DC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0044.0:*:*:*:*:*:*",
"matchCriteriaId": "C092F331-B3DD-4CA9-B855-B9D30454842C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0047.0:*:*:*:*:*:*",
"matchCriteriaId": "D95F12E5-B703-4F62-BD8B-43AEB1E1716E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0050.0:*:*:*:*:*:*",
"matchCriteriaId": "E31D51E4-FD61-4583-81A9-7F349523C7AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0051.0:*:*:*:*:*:*",
"matchCriteriaId": "B413CDBE-65DF-4012-A17E-C97A869CD9F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0053.0:*:*:*:*:*:*",
"matchCriteriaId": "B20CE831-D90B-41AB-88F7-6488799EF10D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0053.1:*:*:*:*:*:*",
"matchCriteriaId": "A3BF2AD6-4B14-4A6D-AF6E-EFAF138D52C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0053.18:*:*:*:*:*:*",
"matchCriteriaId": "57F4B49C-2A3B-4240-BF79-F0F91FA12E05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:redlion:da50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F375BCC0-0CC2-4ABE-8C9F-B22727E71A22",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:redlion:da70a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58648F47-7CB3-4347-B8EF-5D71F1C9F1CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nThe Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent (%) character, invalid values will be included, potentially truncating the string if a NUL is encountered. If the simplified password is not detected by the administrator, the device might be left in a vulnerable state as a result of more-easily compromised credentials. Note that passwords entered via the Crimson system web server do not suffer from this vulnerability.\n\n"
},
{
"lang": "es",
"value": "La herramienta de configuraci\u00f3n Crimson 3.2 basada en Windows permite a los usuarios con acceso administrativo definir nuevas contrase\u00f1as para los usuarios y descargar la configuraci\u00f3n de seguridad resultante a un dispositivo. Si dicha contrase\u00f1a contiene el car\u00e1cter de porcentaje (%), se incluir\u00e1n valores no v\u00e1lidos, lo que podr\u00eda truncar la cadena si se encuentra un NUL. Si el administrador no detecta la contrase\u00f1a simplificada, el dispositivo podr\u00eda quedar en un estado vulnerable como resultado de que las credenciales se vean comprometidas m\u00e1s f\u00e1cilmente. Tenga en cuenta que las contrase\u00f1as ingresadas a trav\u00e9s del servidor web del sistema Crimson no sufren esta vulnerabilidad."
}
],
"id": "CVE-2023-5719",
"lastModified": "2024-11-21T08:42:21.013",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-06T20:15:07.950",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "https://support.redlion.net/hc/en-us/categories/360002087671-Security-Advisories"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.redlion.net/hc/en-us/categories/360002087671-Security-Advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-158"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-3090
Vulnerability from fkie_nvd - Published: 2022-11-17 22:15 - Updated: 2024-11-21 07:18
Severity
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 versions 3126.001 and prior, and Crimson 3.2 versions 3.2.0044.0 and prior are vulnerable to path traversal. When attempting to open a file using a specific path, the user's password hash is sent to an arbitrary host. This could allow an attacker to obtain user credential hashes.
References
| Source | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-321-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-321-01 | Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redlion:crimson:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD20B4A3-0918-46D1-B589-3393BE7EF5FF",
"versionEndExcluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CD2A9A9A-0E39-4DCB-B7FB-66C5C9F92EE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_477.003:*:*:*:*:*:*",
"matchCriteriaId": "E5C6FAD8-FE55-4D8A-8716-DACC58072DC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_493.003:*:*:*:*:*:*",
"matchCriteriaId": "6BD524DE-13F4-4860-B64B-ABDEC69A31A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_493.004:*:*:*:*:*:*",
"matchCriteriaId": "C392CE80-2434-4D51-8A06-35075DBB4781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_493.005:*:*:*:*:*:*",
"matchCriteriaId": "4C290027-C1A9-4835-B12F-2237B83246BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_502.000:*:*:*:*:*:*",
"matchCriteriaId": "EF173B3B-9598-4CA7-98E0-254966A877BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_502.001:*:*:*:*:*:*",
"matchCriteriaId": "D141087B-1985-4C6E-9DAC-D895558549F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_502.003:*:*:*:*:*:*",
"matchCriteriaId": "8CC060CF-A718-4EF5-B631-1CA84DB5C585",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_515.002:*:*:*:*:*:*",
"matchCriteriaId": "5513BEF5-6DD2-48D1-9F97-29489032B1FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_515.003:*:*:*:*:*:*",
"matchCriteriaId": "BD1F2913-490C-405B-B2CF-5BE179BBA939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_523.003:*:*:*:*:*:*",
"matchCriteriaId": "B97A0068-EC7C-47EB-B086-014D35324D6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_530.000:*:*:*:*:*:*",
"matchCriteriaId": "1EA3107F-CEA0-40C1-85B3-71F7AA0F5D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_530.001:*:*:*:*:*:*",
"matchCriteriaId": "58828C17-CA25-4A82-ADA9-0B205B335F7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_530.002:*:*:*:*:*:*",
"matchCriteriaId": "482B8A43-B5A6-4EFA-A524-B570C118905C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_530.003:*:*:*:*:*:*",
"matchCriteriaId": "AB7F2E5C-783F-40E5-AE04-1619E677A358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_548.001:*:*:*:*:*:*",
"matchCriteriaId": "819AC791-1A5D-475F-A92B-9FCDD2536F8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_548.005:*:*:*:*:*:*",
"matchCriteriaId": "C9DB3C3E-FA86-4AC2-BF5B-C214C111BAFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_573.001:*:*:*:*:*:*",
"matchCriteriaId": "32BECE93-E534-4233-90A5-271D7DFBA69C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_573.002:*:*:*:*:*:*",
"matchCriteriaId": "04991137-C936-42EF-BC0A-64E7BD060A57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_579.001:*:*:*:*:*:*",
"matchCriteriaId": "5E825360-9C11-4621-8E95-771283A8C595",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_579.003:*:*:*:*:*:*",
"matchCriteriaId": "F1631E25-25F0-48DA-8D21-E721FB958628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_582.000:*:*:*:*:*:*",
"matchCriteriaId": "30243F2C-E2A2-446D-A53C-0A2D224CC0EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_582.001:*:*:*:*:*:*",
"matchCriteriaId": "23A4FBD2-D9BD-4F49-9BE9-4F513A489276",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_582.003:*:*:*:*:*:*",
"matchCriteriaId": "55BD764E-C72C-4B1B-848E-14802E3A9556",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_582.004:*:*:*:*:*:*",
"matchCriteriaId": "5BC101DD-44E8-4F51-B3BC-EE7BFECEDF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_599.000:*:*:*:*:*:*",
"matchCriteriaId": "D1CCFBD2-69BE-4887-876F-FD78AC2E968D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_599.001:*:*:*:*:*:*",
"matchCriteriaId": "07E59B30-ABA5-4A4B-AA01-1907C8014B7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_603.000:*:*:*:*:*:*",
"matchCriteriaId": "0182346F-CFFC-4153-B8D7-B6CF760F886C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_605.002:*:*:*:*:*:*",
"matchCriteriaId": "4EA96CB1-2CE1-43EB-9378-450E3CC007E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_615.004:*:*:*:*:*:*",
"matchCriteriaId": "058DF1BE-B53F-4BAD-934F-0AD8FAB75FEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_619.002:*:*:*:*:*:*",
"matchCriteriaId": "D308405B-869C-4D87-84DF-7A669A701DDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_619.004:*:*:*:*:*:*",
"matchCriteriaId": "5C73AD75-E6CB-4A29-AEC0-5FA90010B77B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_624.000:*:*:*:*:*:*",
"matchCriteriaId": "BDE624CE-3561-48F0-9075-41E86680B369",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_624.005:*:*:*:*:*:*",
"matchCriteriaId": "F7D1F1FD-0928-436E-8533-544C4C43D1BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_635.000:*:*:*:*:*:*",
"matchCriteriaId": "333AAC85-4F02-435F-945D-89017D912611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_635.001:*:*:*:*:*:*",
"matchCriteriaId": "A4BB200E-1279-4100-8281-8161299F8769",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_639.000:*:*:*:*:*:*",
"matchCriteriaId": "2D5428C8-B2EC-43C8-8AF4-B41FAF625C85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_640.000:*:*:*:*:*:*",
"matchCriteriaId": "255362CF-BC54-46AC-A082-9E8508B09DE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_640.001:*:*:*:*:*:*",
"matchCriteriaId": "EDA47C72-B49C-4556-9B67-2C3EF7E519D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_640.002:*:*:*:*:*:*",
"matchCriteriaId": "BFF7FA01-49D5-4B78-85B4-5AEC08F45F52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_647.002:*:*:*:*:*:*",
"matchCriteriaId": "21623993-816B-4A64-BB37-E4E4A5C24A86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_657.001:*:*:*:*:*:*",
"matchCriteriaId": "481BA483-E4EC-40C3-91BF-B382DFBC8A15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_657.003:*:*:*:*:*:*",
"matchCriteriaId": "3EF367C8-322E-4B89-B9A7-7B1DFF8798FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_662.002:*:*:*:*:*:*",
"matchCriteriaId": "5A18054B-13F5-4CEF-AFBD-C3D660E3891C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_662.006:*:*:*:*:*:*",
"matchCriteriaId": "8AE60BE2-C1D1-43D6-A48D-7C7B351CB6DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_675.000:*:*:*:*:*:*",
"matchCriteriaId": "7A9BB7D4-A210-41FF-AAA1-D5CD0CC07C1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_678.002:*:*:*:*:*:*",
"matchCriteriaId": "7B6D4609-47D1-4BB8-93CE-2FC4C219E7A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_683.000:*:*:*:*:*:*",
"matchCriteriaId": "0B716D98-836E-4FF0-BBE6-1ABE8C962EDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_683.001:*:*:*:*:*:*",
"matchCriteriaId": "E12C93CE-D6F9-4398-A988-42CFBD1454C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_683.002:*:*:*:*:*:*",
"matchCriteriaId": "794315C2-079E-4063-B1E4-C1B21B6AB45E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_690.001:*:*:*:*:*:*",
"matchCriteriaId": "1CE88160-F135-44C7-AEFE-9F4DFC05CC54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_690.002:*:*:*:*:*:*",
"matchCriteriaId": "1B4E0DCE-CC6A-460B-844C-657187C496C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_693.000:*:*:*:*:*:*",
"matchCriteriaId": "EF65E301-D47C-4FBB-8A0F-B43C11388936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_694.000:*:*:*:*:*:*",
"matchCriteriaId": "2167BF20-6A1A-49FE-ACE2-15232A2B2D59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_697.001:*:*:*:*:*:*",
"matchCriteriaId": "B33B8DAA-BEE3-46A8-92BF-8EDC4E05EEA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_697.002:*:*:*:*:*:*",
"matchCriteriaId": "8AC3890F-2C30-47DF-BF7E-398AB4AA7DD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_697.003:*:*:*:*:*:*",
"matchCriteriaId": "3237341F-F771-4DA5-8FB8-90B8A42B9BFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_700.000:*:*:*:*:*:*",
"matchCriteriaId": "BC75A7D8-AE81-43E9-A1F5-0CCD995B5266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_702.002:*:*:*:*:*:*",
"matchCriteriaId": "4421B3A0-D9B9-4DDB-8F7B-748920483819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_702.004:*:*:*:*:*:*",
"matchCriteriaId": "3126A4CF-9ECE-4C7F-8D7D-EE1785645E57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_703.001:*:*:*:*:*:*",
"matchCriteriaId": "3370F739-B6FA-476C-98AD-15329C0DF368",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_705.000:*:*:*:*:*:*",
"matchCriteriaId": "C10F32FD-3A78-4C4B-99CE-D6E660BD3680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.0:build_707.000:*:*:*:*:*:*",
"matchCriteriaId": "E081D1CB-5479-4629-8B1F-649BAED95893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.1:-:*:*:*:*:*:*",
"matchCriteriaId": "7EDD5D63-A62C-4CCF-92CC-DDC04B2C9394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3100.000:*:*:*:*:*:*",
"matchCriteriaId": "42E389EB-D26E-4733-8DC1-C0B7FF73CA68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3100.002:*:*:*:*:*:*",
"matchCriteriaId": "117A2023-798F-4829-8249-ACCC49A57064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3100.003:*:*:*:*:*:*",
"matchCriteriaId": "938C0243-9A8E-42A7-81D6-C4E2DFCDD995",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3100.008:*:*:*:*:*:*",
"matchCriteriaId": "C51F7243-90AE-46A2-A292-B07CE332E7AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3100.009:*:*:*:*:*:*",
"matchCriteriaId": "1C250714-2F91-44CC-A9BF-D0E2A48EC2C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3100.010:*:*:*:*:*:*",
"matchCriteriaId": "669E041F-5209-4430-8D30-9FBCB061C1D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3101.001:*:*:*:*:*:*",
"matchCriteriaId": "91E69A39-450E-4C00-BB7D-873735FF09D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3104.000:*:*:*:*:*:*",
"matchCriteriaId": "1AE35564-E812-45F6-AA03-9FD6AD7DA8CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3106.000:*:*:*:*:*:*",
"matchCriteriaId": "C9D8D132-7A5E-42D7-B679-AE2D8DD218D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3106.004:*:*:*:*:*:*",
"matchCriteriaId": "9C597C17-2D73-407D-A783-CF4C3379F0AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3108.002:*:*:*:*:*:*",
"matchCriteriaId": "5B53ABF6-687A-4FEA-B00B-E3164775B071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3108.004:*:*:*:*:*:*",
"matchCriteriaId": "3C2A8184-C0DC-40AD-AF7A-0FC6CBDD5D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3109.003:*:*:*:*:*:*",
"matchCriteriaId": "78A264F8-AD8F-488A-A8E8-C073092740B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3109.004:*:*:*:*:*:*",
"matchCriteriaId": "2CA78AF9-1417-4AEA-82F8-7BED6A5D695C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3110.000:*:*:*:*:*:*",
"matchCriteriaId": "E45F42D4-B88E-4740-A961-9C180DCC6FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3110.002:*:*:*:*:*:*",
"matchCriteriaId": "61A70D40-854E-490A-87CE-85EED9761AC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3110.004:*:*:*:*:*:*",
"matchCriteriaId": "1911872C-9341-48A1-A6FD-07D1C7B56BD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3111.000:*:*:*:*:*:*",
"matchCriteriaId": "00470300-FB88-4114-8FAF-36314F21A227",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3112.000:*:*:*:*:*:*",
"matchCriteriaId": "8F636A15-BFA0-470F-86E4-49666ACB4191",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3113.000:*:*:*:*:*:*",
"matchCriteriaId": "DB1AA647-DC3D-433E-A455-1BBA6B919EBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3114.002:*:*:*:*:*:*",
"matchCriteriaId": "E4C0F453-2F46-4A3D-A1A5-69A78B56578A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3115.006:*:*:*:*:*:*",
"matchCriteriaId": "B49293D9-3EF9-4755-AA2F-6A940F66ED0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3115.008:*:*:*:*:*:*",
"matchCriteriaId": "9D2A4AEC-93FD-4CC1-9FE6-CF616407CDA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3115.009:*:*:*:*:*:*",
"matchCriteriaId": "15856A25-445F-42F9-9BAD-1EFFDB8320CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3116.000:*:*:*:*:*:*",
"matchCriteriaId": "92A98980-1131-4338-BEEE-BF65E4ED5D6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3119.001:*:*:*:*:*:*",
"matchCriteriaId": "8E69870C-D803-42E8-A380-547E74C0DAB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3119.002:*:*:*:*:*:*",
"matchCriteriaId": "C72C69C6-FC2D-4A9B-8FBA-8433C0A49A99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3120.000:*:*:*:*:*:*",
"matchCriteriaId": "EA0B1875-1D3C-4F9A-815B-3A822F54B314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3120.001:*:*:*:*:*:*",
"matchCriteriaId": "80E5CF3E-5F8C-4448-B9AD-760EC4F3EFD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3121.000:*:*:*:*:*:*",
"matchCriteriaId": "827DF512-A83C-4BB6-9A9E-BEBE321E5DE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3122.000:*:*:*:*:*:*",
"matchCriteriaId": "B9D6E436-FD9D-4487-9493-ABB5175DF20F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3122.001:*:*:*:*:*:*",
"matchCriteriaId": "04524BEB-7DC2-4F02-A6B5-4E2E4A767329",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3123.000:*:*:*:*:*:*",
"matchCriteriaId": "890AE6A8-CCDC-40A9-B094-A1C61DAEDE8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3123.001:*:*:*:*:*:*",
"matchCriteriaId": "2B9500D2-4429-4AF5-9F87-38BC2344F75C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3124.000:*:*:*:*:*:*",
"matchCriteriaId": "29FB4BA1-3CCD-41D6-94E0-E9548790A8D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3125.003:*:*:*:*:*:*",
"matchCriteriaId": "F9A16ED0-E81B-4720-BE03-0A45D69D73C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3125.006:*:*:*:*:*:*",
"matchCriteriaId": "349D42CE-EC9D-4671-94C9-B8DAFC2C9307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3125.007:*:*:*:*:*:*",
"matchCriteriaId": "4695353C-274A-41B1-A363-1F1E7D23D2D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3126.000:*:*:*:*:*:*",
"matchCriteriaId": "5EBA03E2-16D7-4C52-96C3-904C8E2ABE98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3126.001:*:*:*:*:*:*",
"matchCriteriaId": "4C211F1D-57D5-4BEB-B3A2-E6BA1AD7B377",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.2:-:*:*:*:*:*:*",
"matchCriteriaId": "7AF3083B-B556-40D4-83DF-46FFB2EB92E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0008.0:*:*:*:*:*:*",
"matchCriteriaId": "2462AB8D-13B5-434F-B53F-AC43952C59D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0014.0:*:*:*:*:*:*",
"matchCriteriaId": "7AEFD4D3-3A5E-4A97-8F8A-00A802EC046E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0015.0:*:*:*:*:*:*",
"matchCriteriaId": "4FC7C595-57E9-46BE-A507-7155310F5BB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0016.0:*:*:*:*:*:*",
"matchCriteriaId": "3EFBC0AE-1BDC-4159-8FA2-4626E1A02F17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0020.0:*:*:*:*:*:*",
"matchCriteriaId": "1F6BEB68-BB83-488F-BAD1-674FDA11B7EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0021.0:*:*:*:*:*:*",
"matchCriteriaId": "8C0B5D43-45BD-4A85-808F-8A0B9818F83A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0025.0:*:*:*:*:*:*",
"matchCriteriaId": "7202BC35-500E-4DD5-BD65-5E5F849AB97D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0026.0:*:*:*:*:*:*",
"matchCriteriaId": "EEE9C0C7-23DC-406E-B89C-CE7C66E4BBEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0030.0:*:*:*:*:*:*",
"matchCriteriaId": "83A2D6CA-1BB5-4096-921B-4A722A97AA7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0031.0:*:*:*:*:*:*",
"matchCriteriaId": "9254CF9B-4421-4808-873E-0D0C568FFC06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0035.0:*:*:*:*:*:*",
"matchCriteriaId": "5FA689AC-FDFB-493F-86F0-5C8252B1DB2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0036.0:*:*:*:*:*:*",
"matchCriteriaId": "AB9216B2-FA80-4B8E-B3E7-F1CA85534F2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0040.0:*:*:*:*:*:*",
"matchCriteriaId": "89B84594-35D4-40AA-9E66-53D4F586F3F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0041.0:*:*:*:*:*:*",
"matchCriteriaId": "85C30545-0932-4F9C-984E-FAAA464D3DC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0044.0:*:*:*:*:*:*",
"matchCriteriaId": "C092F331-B3DD-4CA9-B855-B9D30454842C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 versions 3126.001 and prior, and Crimson 3.2 versions 3.2.0044.0 and prior are vulnerable to path traversal. When attempting to open a file using a specific path, the user\u0027s password hash is sent to an arbitrary host. This could allow an attacker to obtain user credential hashes."
},
{
"lang": "es",
"value": "Red Lion Controls Crimson 3.0 versiones 707.000 y anteriores, Crimson 3.1 versiones 3126.001 y anteriores, y Crimson 3.2 versiones 3.2.0044.0 y anteriores son vulnerables al path traversal. Al intentar abrir un archivo usando una ruta espec\u00edfica, el hash de la contrase\u00f1a del usuario se env\u00eda a un host arbitrario. Esto podr\u00eda permitir a un atacante obtener hashes de credenciales de usuario."
}
],
"id": "CVE-2022-3090",
"lastModified": "2024-11-21T07:18:48.330",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-17T22:15:10.700",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-321-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-321-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
}
]
}
FKIE_CVE-2020-27283
Vulnerability from fkie_nvd - Published: 2021-01-06 16:15 - Updated: 2024-11-21 05:20
Severity ?
Summary
An attacker could send a specially crafted message to Crimson 3.1 (Build versions prior to 3119.001) that could leak arbitrary memory locations.
References
| Source | URL | Tags |
|---|---|---|
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04 | Third Party Advisory, US Government Resource |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04 | Third Party Advisory, US Government Resource |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redlion:crimson:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "921EFEC7-A52F-4C69-B5EC-29067036D1F4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An attacker could send a specially crafted message to Crimson 3.1 (Build versions prior to 3119.001) that could leak arbitrary memory locations."
},
{
"lang": "es",
"value": "Un atacante podr\u00eda enviar un mensaje especialmente dise\u00f1ado a Crimson versi\u00f3n 3.1 (versiones de Compilaci\u00f3n anteriores a 3119.001) que podr\u00eda filtrar ubicaciones de memoria arbitrarias"
}
],
"id": "CVE-2020-27283",
"lastModified": "2024-11-21T05:20:59.630",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-06T16:15:12.360",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-404"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-404"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-27279
Vulnerability from fkie_nvd - Published: 2021-01-06 16:15 - Updated: 2024-11-21 05:20
Severity ?
Summary
A NULL pointer dereference vulnerability has been identified in the protocol converter. An attacker could send a specially crafted packet that could reboot the device running Crimson 3.1 (Build versions prior to 3119.001).
References
| Source | URL | Tags |
|---|---|---|
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04 | Third Party Advisory, US Government Resource |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04 | Third Party Advisory, US Government Resource |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redlion:crimson:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "921EFEC7-A52F-4C69-B5EC-29067036D1F4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A NULL pointer dereference vulnerability has been identified in the protocol converter. An attacker could send a specially crafted packet that could reboot the device running Crimson 3.1 (Build versions prior to 3119.001)."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad de desreferencia del puntero NULL en el convertidor de protocolo. Un atacante podr\u00eda enviar un paquete especialmente dise\u00f1ado que podr\u00eda reiniciar el dispositivo que ejecuta Crimson versi\u00f3n 3.1 (versiones de Compilaci\u00f3n anteriores a 3119.001)"
}
],
"id": "CVE-2020-27279",
"lastModified": "2024-11-21T05:20:59.237",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-06T16:15:12.283",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-27285
Vulnerability from fkie_nvd - Published: 2021-01-06 15:15 - Updated: 2024-11-21 05:20
Severity ?
Summary
The default configuration of Crimson 3.1 (Build versions prior to 3119.001) allows a user to be able to read and modify the database without authentication.
References
| Source | URL | Tags |
|---|---|---|
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04 | Third Party Advisory, US Government Resource |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04 | Third Party Advisory, US Government Resource |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redlion:crimson:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "921EFEC7-A52F-4C69-B5EC-29067036D1F4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The default configuration of Crimson 3.1 (Build versions prior to 3119.001) allows a user to be able to read and modify the database without authentication."
},
{
"lang": "es",
"value": "La configuraci\u00f3n predeterminada de Crimson versi\u00f3n 3.1 (versiones de compilaci\u00f3n anteriores a 3119.001), permite a un usuario ser capaz de leer y modificar la base de datos sin autenticaci\u00f3n"
}
],
"id": "CVE-2020-27285",
"lastModified": "2024-11-21T05:20:59.840",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-06T15:15:14.600",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-10996
Vulnerability from fkie_nvd - Published: 2019-09-23 16:15 - Updated: 2024-11-21 04:20
Severity ?
Summary
Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that can reference memory after it has been freed.
References
| Source | URL | Tags |
|---|---|---|
| ics-cert@hq.dhs.gov | https://www.us-cert.gov/ics/advisories/icsa-19-248-01 | Third Party Advisory, US Government Resource |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.us-cert.gov/ics/advisories/icsa-19-248-01 | Third Party Advisory, US Government Resource |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redlion:crimson:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20C9472F-1425-468D-86E7-C91BCA30692D",
"versionEndIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDEB3A0-80D0-4A18-8F21-1BE069654E73",
"versionEndExcluding": "3112.00",
"versionStartIncluding": "3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that can reference memory after it has been freed."
},
{
"lang": "es",
"value": "Red Lion Controls Crimson, versi\u00f3n 3.0 y anterior y versi\u00f3n 3.1 anterior a la publicaci\u00f3n 3112.00, permite que m\u00faltiples vulnerabilidades sean explotadas cuando un usuario v\u00e1lido abre un archivo de entrada malicioso especialmente dise\u00f1ado que puede hacer referencia a la memoria despu\u00e9s de que haya sido liberada."
}
],
"id": "CVE-2019-10996",
"lastModified": "2024-11-21T04:20:19.120",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-23T16:15:14.897",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-10978
Vulnerability from fkie_nvd - Published: 2019-09-23 16:15 - Updated: 2024-11-21 04:20
Severity ?
Summary
Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that operates outside of the designated memory area.
References
| Source | URL | Tags |
|---|---|---|
| ics-cert@hq.dhs.gov | https://www.us-cert.gov/ics/advisories/icsa-19-248-01 | Third Party Advisory, US Government Resource |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.us-cert.gov/ics/advisories/icsa-19-248-01 | Third Party Advisory, US Government Resource |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redlion:crimson:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20C9472F-1425-468D-86E7-C91BCA30692D",
"versionEndIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDEB3A0-80D0-4A18-8F21-1BE069654E73",
"versionEndExcluding": "3112.00",
"versionStartIncluding": "3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that operates outside of the designated memory area."
},
{
"lang": "es",
"value": "Red Lion Controls Crimson, versi\u00f3n 3.0 y anterior y versi\u00f3n 3.1 anterior a la publicaci\u00f3n 3112.00, permite que m\u00faltiples vulnerabilidades sean explotadas cuando un usuario v\u00e1lido abre un archivo de entrada malicioso especialmente dise\u00f1ado que opera fuera del \u00e1rea de memoria designada."
}
],
"id": "CVE-2019-10978",
"lastModified": "2024-11-21T04:20:17.073",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-23T16:15:14.713",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-10990
Vulnerability from fkie_nvd - Published: 2019-09-23 16:15 - Updated: 2024-11-21 04:20
Severity ?
Summary
Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to access configuration files.
References
| Source | URL | Tags |
|---|---|---|
| ics-cert@hq.dhs.gov | https://www.us-cert.gov/ics/advisories/icsa-19-248-01 | Mitigation, Third Party Advisory, US Government Resource |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.us-cert.gov/ics/advisories/icsa-19-248-01 | Mitigation, Third Party Advisory, US Government Resource |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redlion:crimson:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20C9472F-1425-468D-86E7-C91BCA30692D",
"versionEndIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDEB3A0-80D0-4A18-8F21-1BE069654E73",
"versionEndExcluding": "3112.00",
"versionStartIncluding": "3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to access configuration files."
},
{
"lang": "es",
"value": "Red Lion Controls Crimson, versi\u00f3n 3.0 y anterior y versi\u00f3n 3.1 anterior a la publicaci\u00f3n 3112.00, utiliza una contrase\u00f1a embebida para encriptar archivos protegidos en tr\u00e1nsito y en reposo, lo que puede permitir a un atacante acceder a los archivos de configuraci\u00f3n."
}
],
"id": "CVE-2019-10990",
"lastModified": "2024-11-21T04:20:18.393",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-23T16:15:14.837",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-321"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-10984
Vulnerability from fkie_nvd - Published: 2019-09-23 16:15 - Updated: 2024-11-21 04:20
Severity ?
Summary
Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that causes the program to mishandle pointers.
References
| Source | URL | Tags |
|---|---|---|
| ics-cert@hq.dhs.gov | https://www.us-cert.gov/ics/advisories/icsa-19-248-01 | Third Party Advisory, US Government Resource |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.us-cert.gov/ics/advisories/icsa-19-248-01 | Third Party Advisory, US Government Resource |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redlion:crimson:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20C9472F-1425-468D-86E7-C91BCA30692D",
"versionEndIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redlion:crimson:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDEB3A0-80D0-4A18-8F21-1BE069654E73",
"versionEndExcluding": "3112.00",
"versionStartIncluding": "3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that causes the program to mishandle pointers."
},
{
"lang": "es",
"value": "Red Lion Controls Crimson, versi\u00f3n 3.0 y anteriores y versi\u00f3n 3.1 anterior a la publicaci\u00f3n 3112.00, permite que m\u00faltiples vulnerabilidades sean explotadas cuando un usuario v\u00e1lido abre un archivo de entrada malicioso especialmente dise\u00f1ado que causa que el programa maneje inapropiadamente los punteros."
}
],
"id": "CVE-2019-10984",
"lastModified": "2024-11-21T04:20:17.807",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-23T16:15:14.790",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-465"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-5719 (GCVE-0-2023-5719)
Vulnerability from cvelistv5 – Published: 2023-11-06 19:33 – Updated: 2025-01-16 21:26
Title
Red Lion Crimson Improper Neutralization of Null Byte or NUL Character
Summary
The Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent (%) character, invalid values will be included, potentially truncating the string if a NUL is encountered. If the simplified password is not detected by the administrator, the device might be left in a vulnerable state as a result of more-easily compromised credentials. Note that passwords entered via the Crimson system web server do not suffer from this vulnerability.
Severity ?
8.8 (High)
CWE
- CWE-158 - Improper Neutralization of Null Byte or NUL Character
Assigner
References
Credits
Alexander Ratelle of Hepburn Engineering Inc. reported this vulnerability to Red Lion.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:07:32.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.redlion.net/hc/en-us/categories/360002087671-Security-Advisories"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5719",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:19:56.453751Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:26:43.011Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Crimson",
"vendor": "Red Lion",
"versions": [
{
"lessThanOrEqual": "v3.2.0053.18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Alexander Ratelle of Hepburn Engineering Inc. reported this vulnerability to Red Lion."
}
],
"datePublic": "2023-11-02T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent (%) character, invalid values will be included, potentially truncating the string if a NUL is encountered. If the simplified password is not detected by the administrator, the device might be left in a vulnerable state as a result of more-easily compromised credentials. Note that passwords entered via the Crimson system web server do not suffer from this vulnerability.\u003c/span\u003e\n\n"
}
],
"value": "\nThe Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent (%) character, invalid values will be included, potentially truncating the string if a NUL is encountered. If the simplified password is not detected by the administrator, the device might be left in a vulnerable state as a result of more-easily compromised credentials. Note that passwords entered via the Crimson system web server do not suffer from this vulnerability.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-158",
"description": "CWE-158 Improper Neutralization of Null Byte or NUL Character",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-06T19:33:20.369Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-01"
},
{
"url": "https://support.redlion.net/hc/en-us/categories/360002087671-Security-Advisories"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eRed Lion recommends updating the Crimson configuration tool to version 3.2.0063 or later by using the automatic update feature or visiting the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.redlion.net/node/16883\"\u003eRed Lion website\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eAny existing or new accounts created should refrain from using the percent (%) character in the configured password in versions 3.2.0053.18 or below.\u003c/p\u003e\u003cp\u003eFor more information refer to Red Lion\u0027s security advisory \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.redlion.net/hc/en-us/categories/360002087671-Security-Advisories\"\u003eRLCSIM-2023-04\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nRed Lion recommends updating the Crimson configuration tool to version 3.2.0063 or later by using the automatic update feature or visiting the Red Lion website https://www.redlion.net/node/16883 .\n\nAny existing or new accounts created should refrain from using the percent (%) character in the configured password in versions 3.2.0053.18 or below.\n\nFor more information refer to Red Lion\u0027s security advisory RLCSIM-2023-04 https://support.redlion.net/hc/en-us/categories/360002087671-Security-Advisories .\n\n\n\n\n"
}
],
"source": {
"advisory": "ICSA-23-306-01",
"discovery": "EXTERNAL"
},
"title": "Red Lion Crimson Improper Neutralization of Null Byte or NUL Character",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-5719",
"datePublished": "2023-11-06T19:33:20.369Z",
"dateReserved": "2023-10-23T13:58:41.363Z",
"dateUpdated": "2025-01-16T21:26:43.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3090 (GCVE-0-2022-3090)
Vulnerability from cvelistv5 – Published: 2022-11-17 21:55 – Updated: 2025-04-16 16:06
Summary
Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 versions 3126.001 and prior, and Crimson 3.2 versions 3.2.0044.0 and prior are vulnerable to path traversal. When attempting to open a file using a specific path, the user's password hash is sent to an arbitrary host. This could allow an attacker to obtain user credential hashes.
Severity ?
7.5 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Red Lion Controls | Crimson 3.0 | Affected: All versions, ≤ 707.000 (custom) |
| Red Lion Controls | Crimson 3.1 | Affected: All versions, ≤ 3126.001 (custom) |
| Red Lion Controls | Crimson 3.2 | Affected: All versions, ≤ 3.2.0044.0 (custom) |
Credits
Dragos reported this vulnerability to Red Lion Controls, who reported this vulnerability to CISA
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-321-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3090",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:53:32.172066Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:06:05.099Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Crimson 3.0",
"vendor": "Red Lion Controls",
"versions": [
{
"lessThanOrEqual": "707.000",
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
},
{
"product": "Crimson 3.1",
"vendor": "Red Lion Controls",
"versions": [
{
"lessThanOrEqual": "3126.001",
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
},
{
"product": "Crimson 3.2",
"vendor": "Red Lion Controls",
"versions": [
{
"lessThanOrEqual": "3.2.0044.0",
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Dragos reported this vulnerability to Red Lion Controls, who reported this vulnerability to CISA"
}
],
"datePublic": "2022-11-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 versions 3126.001 and prior, and Crimson 3.2 versions 3.2.0044.0 and prior are vulnerable to path traversal. When attempting to open a file using a specific path, the user\u0027s password hash is sent to an arbitrary host. This could allow an attacker to obtain user credential hashes."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-17T00:00:00.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-321-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-3090",
"datePublished": "2022-11-17T21:55:37.791Z",
"dateReserved": "2022-09-01T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:06:05.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27283 (GCVE-0-2020-27283)
Vulnerability from cvelistv5 – Published: 2021-01-06 15:05 – Updated: 2024-08-04 16:11
VLAI?
Summary
An attacker could send a specially crafted message to Crimson 3.1 (Build versions prior to 3119.001) that could leak arbitrary memory locations.
Severity ?
No CVSS data available.
CWE
- CWE-404 - IMPROPER RESOURCE SHUTDOWN OR RELEASE CWE-404
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Crimson 3.1 |
Affected:
Build versions prior to 3119.001
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:11:36.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Crimson 3.1",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Build versions prior to 3119.001"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An attacker could send a specially crafted message to Crimson 3.1 (Build versions prior to 3119.001) that could leak arbitrary memory locations."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "IMPROPER RESOURCE SHUTDOWN OR RELEASE CWE-404",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T15:05:07",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-27283",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Crimson 3.1",
"version": {
"version_data": [
{
"version_value": "Build versions prior to 3119.001"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An attacker could send a specially crafted message to Crimson 3.1 (Build versions prior to 3119.001) that could leak arbitrary memory locations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER RESOURCE SHUTDOWN OR RELEASE CWE-404"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-27283",
"datePublished": "2021-01-06T15:05:07",
"dateReserved": "2020-10-19T00:00:00",
"dateUpdated": "2024-08-04T16:11:36.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27279 (GCVE-0-2020-27279)
Vulnerability from cvelistv5 – Published: 2021-01-06 15:03 – Updated: 2024-08-04 16:11
VLAI?
Summary
A NULL pointer dereference vulnerability has been identified in the protocol converter. An attacker could send a specially crafted packet that could reboot the device running Crimson 3.1 (Build versions prior to 3119.001).
Severity ?
No CVSS data available.
CWE
- CWE-476 - NULL POINTER DEREFERENCE CWE-476
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Crimson 3.1 |
Affected:
Build versions prior to 3119.001
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:11:36.610Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Crimson 3.1",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Build versions prior to 3119.001"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A NULL pointer dereference vulnerability has been identified in the protocol converter. An attacker could send a specially crafted packet that could reboot the device running Crimson 3.1 (Build versions prior to 3119.001)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL POINTER DEREFERENCE CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T15:03:47",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-27279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Crimson 3.1",
"version": {
"version_data": [
{
"version_value": "Build versions prior to 3119.001"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A NULL pointer dereference vulnerability has been identified in the protocol converter. An attacker could send a specially crafted packet that could reboot the device running Crimson 3.1 (Build versions prior to 3119.001)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NULL POINTER DEREFERENCE CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-27279",
"datePublished": "2021-01-06T15:03:47",
"dateReserved": "2020-10-19T00:00:00",
"dateUpdated": "2024-08-04T16:11:36.610Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27285 (GCVE-0-2020-27285)
Vulnerability from cvelistv5 – Published: 2021-01-06 15:01 – Updated: 2024-08-04 16:11
VLAI?
Summary
The default configuration of Crimson 3.1 (Build versions prior to 3119.001) allows a user to be able to read and modify the database without authentication.
Severity ?
No CVSS data available.
CWE
- CWE-306 - MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Crimson 3.1 |
Affected:
Build versions prior to 3119.001
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:11:36.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Crimson 3.1",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Build versions prior to 3119.001"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The default configuration of Crimson 3.1 (Build versions prior to 3119.001) allows a user to be able to read and modify the database without authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T15:01:44",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-27285",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Crimson 3.1",
"version": {
"version_data": [
{
"version_value": "Build versions prior to 3119.001"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of Crimson 3.1 (Build versions prior to 3119.001) allows a user to be able to read and modify the database without authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-27285",
"datePublished": "2021-01-06T15:01:44",
"dateReserved": "2020-10-19T00:00:00",
"dateUpdated": "2024-08-04T16:11:36.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10984 (GCVE-0-2019-10984)
Vulnerability from cvelistv5 – Published: 2019-09-23 15:58 – Updated: 2024-08-04 22:40
VLAI?
Summary
Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that causes the program to mishandle pointers.
Severity ?
No CVSS data available.
CWE
- CWE-465 - POINTER ISSUES CWE-465
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Red Lion Controls Crimson (Windows configuration software) |
Affected:
Version 3.0 and prior, Version 3.1 prior to release 3112.00
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Red Lion Controls Crimson (Windows configuration software)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Version 3.0 and prior, Version 3.1 prior to release 3112.00"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that causes the program to mishandle pointers."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-465",
"description": "POINTER ISSUES CWE-465",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-23T15:58:41",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-10984",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Red Lion Controls Crimson (Windows configuration software)",
"version": {
"version_data": [
{
"version_value": "Version 3.0 and prior, Version 3.1 prior to release 3112.00"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that causes the program to mishandle pointers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "POINTER ISSUES CWE-465"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-10984",
"datePublished": "2019-09-23T15:58:41",
"dateReserved": "2019-04-08T00:00:00",
"dateUpdated": "2024-08-04T22:40:15.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10978 (GCVE-0-2019-10978)
Vulnerability from cvelistv5 – Published: 2019-09-23 15:58 – Updated: 2024-08-04 22:40
VLAI?
Summary
Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that operates outside of the designated memory area.
Severity ?
No CVSS data available.
CWE
- CWE-119 - IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Red Lion Controls Crimson (Windows configuration software) |
Affected:
Version 3.0 and prior, Version 3.1 prior to release 3112.00
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Red Lion Controls Crimson (Windows configuration software)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Version 3.0 and prior, Version 3.1 prior to release 3112.00"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that operates outside of the designated memory area."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-23T15:58:32",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-10978",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Red Lion Controls Crimson (Windows configuration software)",
"version": {
"version_data": [
{
"version_value": "Version 3.0 and prior, Version 3.1 prior to release 3112.00"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that operates outside of the designated memory area."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-10978",
"datePublished": "2019-09-23T15:58:32",
"dateReserved": "2019-04-08T00:00:00",
"dateUpdated": "2024-08-04T22:40:15.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10996 (GCVE-0-2019-10996)
Vulnerability from cvelistv5 – Published: 2019-09-23 15:58 – Updated: 2024-08-04 22:40
VLAI?
Summary
Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that can reference memory after it has been freed.
Severity ?
No CVSS data available.
CWE
- CWE-416 - USE AFTER FREE CWE-416
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Red Lion Controls Crimson (Windows configuration software) |
Affected:
Version 3.0 and prior, Version 3.1 prior to release 3112.00
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.649Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Red Lion Controls Crimson (Windows configuration software)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Version 3.0 and prior, Version 3.1 prior to release 3112.00"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that can reference memory after it has been freed."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "USE AFTER FREE CWE-416",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-23T15:58:11",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-10996",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Red Lion Controls Crimson (Windows configuration software)",
"version": {
"version_data": [
{
"version_value": "Version 3.0 and prior, Version 3.1 prior to release 3112.00"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that can reference memory after it has been freed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "USE AFTER FREE CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-10996",
"datePublished": "2019-09-23T15:58:11",
"dateReserved": "2019-04-08T00:00:00",
"dateUpdated": "2024-08-04T22:40:15.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10990 (GCVE-0-2019-10990)
Vulnerability from cvelistv5 – Published: 2019-09-23 15:46 – Updated: 2024-08-04 22:40
VLAI?
Summary
Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to access configuration files.
Severity ?
No CVSS data available.
CWE
- CWE-321 - USE OF HARD-CODED CRYPTOGRAPHIC KEY CWE-321
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Red Lion Controls Crimson (Windows configuration software) |
Affected:
Version 3.0 and prior, Version 3.1 prior to release 3112.00
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.501Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Red Lion Controls Crimson (Windows configuration software)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Version 3.0 and prior, Version 3.1 prior to release 3112.00"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to access configuration files."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "USE OF HARD-CODED CRYPTOGRAPHIC KEY CWE-321",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-23T15:46:43",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-10990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Red Lion Controls Crimson (Windows configuration software)",
"version": {
"version_data": [
{
"version_value": "Version 3.0 and prior, Version 3.1 prior to release 3112.00"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to access configuration files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "USE OF HARD-CODED CRYPTOGRAPHIC KEY CWE-321"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-10990",
"datePublished": "2019-09-23T15:46:43",
"dateReserved": "2019-04-08T00:00:00",
"dateUpdated": "2024-08-04T22:40:15.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5719 (GCVE-0-2023-5719)
Vulnerability from nvd – Published: 2023-11-06 19:33 – Updated: 2025-01-16 21:26
VLAI?
Title
Red Lion Crimson Improper Neutralization of Null Byte or NUL Character
Summary
The Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent (%) character, invalid values will be included, potentially truncating the string if a NUL is encountered. If the simplified password is not detected by the administrator, the device might be left in a vulnerable state as a result of more-easily compromised credentials. Note that passwords entered via the Crimson system web server do not suffer from this vulnerability.
Severity ?
8.8 (High)
CWE
- CWE-158 - Improper Neutralization of Null Byte or NUL Character
Assigner
References
Credits
Alexander Ratelle of Hepburn Engineering Inc. reported this vulnerability to Red Lion.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:07:32.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.redlion.net/hc/en-us/categories/360002087671-Security-Advisories"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5719",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:19:56.453751Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:26:43.011Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Crimson",
"vendor": "Red Lion",
"versions": [
{
"lessThanOrEqual": "v3.2.0053.18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Alexander Ratelle of Hepburn Engineering Inc. reported this vulnerability to Red Lion."
}
],
"datePublic": "2023-11-02T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent (%) character, invalid values will be included, potentially truncating the string if a NUL is encountered. If the simplified password is not detected by the administrator, the device might be left in a vulnerable state as a result of more-easily compromised credentials. Note that passwords entered via the Crimson system web server do not suffer from this vulnerability.\u003c/span\u003e\n\n"
}
],
"value": "\nThe Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent (%) character, invalid values will be included, potentially truncating the string if a NUL is encountered. If the simplified password is not detected by the administrator, the device might be left in a vulnerable state as a result of more-easily compromised credentials. Note that passwords entered via the Crimson system web server do not suffer from this vulnerability.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-158",
"description": "CWE-158 Improper Neutralization of Null Byte or NUL Character",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-06T19:33:20.369Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-01"
},
{
"url": "https://support.redlion.net/hc/en-us/categories/360002087671-Security-Advisories"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eRed Lion recommends updating the Crimson configuration tool to version 3.2.0063 or later by using the automatic update feature or visiting the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.redlion.net/node/16883\"\u003eRed Lion website\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eAny existing or new accounts created should refrain from using the percent (%) character in the configured password in versions 3.2.0053.18 or below.\u003c/p\u003e\u003cp\u003eFor more information refer to Red Lion\u0027s security advisory \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.redlion.net/hc/en-us/categories/360002087671-Security-Advisories\"\u003eRLCSIM-2023-04\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nRed Lion recommends updating the Crimson configuration tool to version 3.2.0063 or later by using the automatic update feature or visiting the Red Lion website https://www.redlion.net/node/16883 .\n\nAny existing or new accounts created should refrain from using the percent (%) character in the configured password in versions 3.2.0053.18 or below.\n\nFor more information refer to Red Lion\u0027s security advisory RLCSIM-2023-04 https://support.redlion.net/hc/en-us/categories/360002087671-Security-Advisories .\n\n\n\n\n"
}
],
"source": {
"advisory": "ICSA-23-306-01",
"discovery": "EXTERNAL"
},
"title": "Red Lion Crimson Improper Neutralization of Null Byte or NUL Character",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-5719",
"datePublished": "2023-11-06T19:33:20.369Z",
"dateReserved": "2023-10-23T13:58:41.363Z",
"dateUpdated": "2025-01-16T21:26:43.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3090 (GCVE-0-2022-3090)
Vulnerability from nvd – Published: 2022-11-17 21:55 – Updated: 2025-04-16 16:06
Summary
Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 versions 3126.001 and prior, and Crimson 3.2 versions 3.2.0044.0 and prior are vulnerable to path traversal. When a user attempts to open a file using a specific path, that user's password hash is sent to an arbitrary host. This could allow an attacker to obtain user credential hashes.
Severity ?
7.5 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Red Lion Controls | Crimson 3.0 | Affected: All versions, ≤ 707.000 (custom) |
| Red Lion Controls | Crimson 3.1 | Affected: All versions, ≤ 3126.001 (custom) |
| Red Lion Controls | Crimson 3.2 | Affected: All versions, ≤ 3.2.0044.0 (custom) |
Credits
Dragos reported this vulnerability to Red Lion Controls, who reported this vulnerability to CISA
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-321-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3090",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:53:32.172066Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:06:05.099Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Crimson 3.0",
"vendor": "Red Lion Controls",
"versions": [
{
"lessThanOrEqual": "707.000",
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
},
{
"product": "Crimson 3.1",
"vendor": "Red Lion Controls",
"versions": [
{
"lessThanOrEqual": "3126.001",
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
},
{
"product": "Crimson 3.2",
"vendor": "Red Lion Controls",
"versions": [
{
"lessThanOrEqual": "3.2.0044.0",
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Dragos reported this vulnerability to Red Lion Controls, who reported this vulnerability to CISA"
}
],
"datePublic": "2022-11-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 versions 3126.001 and prior, and Crimson 3.2 versions 3.2.0044.0 and prior are vulnerable to path traversal. When attempting to open a file using a specific path, the user\u0027s password hash is sent to an arbitrary host. This could allow an attacker to obtain user credential hashes."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-17T00:00:00.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-321-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-3090",
"datePublished": "2022-11-17T21:55:37.791Z",
"dateReserved": "2022-09-01T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:06:05.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27283 (GCVE-0-2020-27283)
Vulnerability from nvd – Published: 2021-01-06 15:05 – Updated: 2024-08-04 16:11
Summary
An attacker could send a specially crafted message to Crimson 3.1 (Build versions prior to 3119.001) that could leak arbitrary memory locations.
Severity ?
No CVSS data available.
CWE
- CWE-404 - IMPROPER RESOURCE SHUTDOWN OR RELEASE CWE-404
Assigner
References
| URL | Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | Crimson 3.1 | Affected: Build versions prior to 3119.001 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:11:36.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Crimson 3.1",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Build versions prior to 3119.001"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An attacker could send a specially crafted message to Crimson 3.1 (Build versions prior to 3119.001) that could leak arbitrary memory locations."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "IMPROPER RESOURCE SHUTDOWN OR RELEASE CWE-404",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T15:05:07",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-27283",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Crimson 3.1",
"version": {
"version_data": [
{
"version_value": "Build versions prior to 3119.001"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An attacker could send a specially crafted message to Crimson 3.1 (Build versions prior to 3119.001) that could leak arbitrary memory locations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER RESOURCE SHUTDOWN OR RELEASE CWE-404"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-27283",
"datePublished": "2021-01-06T15:05:07",
"dateReserved": "2020-10-19T00:00:00",
"dateUpdated": "2024-08-04T16:11:36.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27279 (GCVE-0-2020-27279)
Vulnerability from nvd – Published: 2021-01-06 15:03 – Updated: 2024-08-04 16:11
Summary
A NULL pointer dereference vulnerability has been identified in the protocol converter. An attacker could send a specially crafted packet that could reboot the device running Crimson 3.1 (Build versions prior to 3119.001).
Severity ?
No CVSS data available.
CWE
- CWE-476 - NULL POINTER DEREFERENCE CWE-476
Assigner
References
| URL | Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | Crimson 3.1 | Affected: Build versions prior to 3119.001 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:11:36.610Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Crimson 3.1",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Build versions prior to 3119.001"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A NULL pointer deference vulnerability has been identified in the protocol converter. An attacker could send a specially crafted packet that could reboot the device running Crimson 3.1 (Build versions prior to 3119.001)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL POINTER DEREFERENCE CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T15:03:47",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-27279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Crimson 3.1",
"version": {
"version_data": [
{
"version_value": "Build versions prior to 3119.001"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A NULL pointer deference vulnerability has been identified in the protocol converter. An attacker could send a specially crafted packet that could reboot the device running Crimson 3.1 (Build versions prior to 3119.001)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NULL POINTER DEREFERENCE CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-27279",
"datePublished": "2021-01-06T15:03:47",
"dateReserved": "2020-10-19T00:00:00",
"dateUpdated": "2024-08-04T16:11:36.610Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27285 (GCVE-0-2020-27285)
Vulnerability from nvd – Published: 2021-01-06 15:01 – Updated: 2024-08-04 16:11
Summary
The default configuration of Crimson 3.1 (Build versions prior to 3119.001) allows a user to read and modify the database without authentication.
Severity ?
No CVSS data available.
CWE
- CWE-306 - MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306
Assigner
References
| URL | Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | Crimson 3.1 | Affected: Build versions prior to 3119.001 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:11:36.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Crimson 3.1",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Build versions prior to 3119.001"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The default configuration of Crimson 3.1 (Build versions prior to 3119.001) allows a user to be able to read and modify the database without authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T15:01:44",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-27285",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Crimson 3.1",
"version": {
"version_data": [
{
"version_value": "Build versions prior to 3119.001"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of Crimson 3.1 (Build versions prior to 3119.001) allows a user to be able to read and modify the database without authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-27285",
"datePublished": "2021-01-06T15:01:44",
"dateReserved": "2020-10-19T00:00:00",
"dateUpdated": "2024-08-04T16:11:36.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10984 (GCVE-0-2019-10984)
Vulnerability from nvd – Published: 2019-09-23 15:58 – Updated: 2024-08-04 22:40
Summary
Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allows multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that causes the program to mishandle pointers.
Severity ?
No CVSS data available.
CWE
- CWE-465 - POINTER ISSUES CWE-465
Assigner
References
| URL | Tags |
|---|---|
| https://www.us-cert.gov/ics/advisories/icsa-19-248-01 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | Red Lion Controls Crimson (Windows configuration software) | Affected: Version 3.0 and prior, Version 3.1 prior to release 3112.00 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Red Lion Controls Crimson (Windows configuration software)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Version 3.0 and prior, Version 3.1 prior to release 3112.00"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that causes the program to mishandle pointers."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-465",
"description": "POINTER ISSUES CWE-465",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-23T15:58:41",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-10984",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Red Lion Controls Crimson (Windows configuration software)",
"version": {
"version_data": [
{
"version_value": "Version 3.0 and prior, Version 3.1 prior to release 3112.00"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that causes the program to mishandle pointers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "POINTER ISSUES CWE-465"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-10984",
"datePublished": "2019-09-23T15:58:41",
"dateReserved": "2019-04-08T00:00:00",
"dateUpdated": "2024-08-04T22:40:15.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10978 (GCVE-0-2019-10978)
Vulnerability from nvd – Published: 2019-09-23 15:58 – Updated: 2024-08-04 22:40
Summary
Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allows multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that causes the program to operate outside of the designated memory area.
Severity ?
No CVSS data available.
CWE
- CWE-119 - IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119
Assigner
References
| URL | Tags |
|---|---|
| https://www.us-cert.gov/ics/advisories/icsa-19-248-01 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | Red Lion Controls Crimson (Windows configuration software) | Affected: Version 3.0 and prior, Version 3.1 prior to release 3112.00 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Red Lion Controls Crimson (Windows configuration software)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Version 3.0 and prior, Version 3.1 prior to release 3112.00"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that operates outside of the designated memory area."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-23T15:58:32",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-10978",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Red Lion Controls Crimson (Windows configuration software)",
"version": {
"version_data": [
{
"version_value": "Version 3.0 and prior, Version 3.1 prior to release 3112.00"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that operates outside of the designated memory area."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-10978",
"datePublished": "2019-09-23T15:58:32",
"dateReserved": "2019-04-08T00:00:00",
"dateUpdated": "2024-08-04T22:40:15.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10996 (GCVE-0-2019-10996)
Vulnerability from nvd – Published: 2019-09-23 15:58 – Updated: 2024-08-04 22:40
Summary
Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allows multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that can cause the program to reference memory after it has been freed.
Severity ?
No CVSS data available.
CWE
- CWE-416 - USE AFTER FREE CWE-416
Assigner
References
| URL | Tags |
|---|---|
| https://www.us-cert.gov/ics/advisories/icsa-19-248-01 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | Red Lion Controls Crimson (Windows configuration software) | Affected: Version 3.0 and prior, Version 3.1 prior to release 3112.00 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.649Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Red Lion Controls Crimson (Windows configuration software)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Version 3.0 and prior, Version 3.1 prior to release 3112.00"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that can reference memory after it has been freed."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "USE AFTER FREE CWE-416",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-23T15:58:11",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-10996",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Red Lion Controls Crimson (Windows configuration software)",
"version": {
"version_data": [
{
"version_value": "Version 3.0 and prior, Version 3.1 prior to release 3112.00"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that can reference memory after it has been freed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "USE AFTER FREE CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-10996",
"datePublished": "2019-09-23T15:58:11",
"dateReserved": "2019-04-08T00:00:00",
"dateUpdated": "2024-08-04T22:40:15.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10990 (GCVE-0-2019-10990)
Vulnerability from nvd – Published: 2019-09-23 15:46 – Updated: 2024-08-04 22:40
Summary
Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to access configuration files.
Severity ?
No CVSS data available.
CWE
- CWE-321 - USE OF HARD-CODED CRYPTOGRAPHIC KEY CWE-321
Assigner
References
| URL | Tags |
|---|---|
| https://www.us-cert.gov/ics/advisories/icsa-19-248-01 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | Red Lion Controls Crimson (Windows configuration software) | Affected: Version 3.0 and prior, Version 3.1 prior to release 3112.00 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.501Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Red Lion Controls Crimson (Windows configuration software)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Version 3.0 and prior, Version 3.1 prior to release 3112.00"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to access configuration files."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "USE OF HARD-CODED CRYPTOGRAPHIC KEY CWE-321",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-23T15:46:43",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-10990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Red Lion Controls Crimson (Windows configuration software)",
"version": {
"version_data": [
{
"version_value": "Version 3.0 and prior, Version 3.1 prior to release 3112.00"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to access configuration files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "USE OF HARD-CODED CRYPTOGRAPHIC KEY CWE-321"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-10990",
"datePublished": "2019-09-23T15:46:43",
"dateReserved": "2019-04-08T00:00:00",
"dateUpdated": "2024-08-04T22:40:15.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}