CVE-2023-5719 – Red Lion Crimson Improper Neutralization of Null Byte or NUL Character
https://notcve.org/view.php?id=CVE-2023-5719
The Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent (%) character, invalid values will be included, potentially truncating the string if a NUL is encountered. If the simplified password is not detected by the administrator, the device might be left in a vulnerable state as a result of more easily compromised credentials. Note that passwords entered via the Crimson system web server do not suffer from this vulnerability.
References: https://support.redlion.net/hc/en-us/categories/360002087671-Security-Advisories • https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-01
CWE-158: Improper Neutralization of Null Byte or NUL Character
CVE-2022-3090
https://notcve.org/view.php?id=CVE-2022-3090
Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 versions 3126.001 and prior, and Crimson 3.2 versions 3.2.0044.0 and prior are vulnerable to path traversal. When attempting to open a file using a specific path, the user's password hash is sent to an arbitrary host. This could allow an attacker to obtain user credential hashes.
References: https://www.cisa.gov/uscert/ics/advisories/icsa-22-321-01
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-27283
https://notcve.org/view.php?id=CVE-2020-27283
An attacker could send a specially crafted message to Crimson 3.1 (Build versions prior to 3119.001) that could leak arbitrary memory locations.
References: https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04
CWE-404: Improper Resource Shutdown or Release
CVE-2020-27279
https://notcve.org/view.php?id=CVE-2020-27279
A NULL pointer dereference vulnerability has been identified in the protocol converter. An attacker could send a specially crafted packet that could reboot the device running Crimson 3.1 (Build versions prior to 3119.001).
References: https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04
CWE-476: NULL Pointer Dereference
CVE-2020-27285
https://notcve.org/view.php?id=CVE-2020-27285
The default configuration of Crimson 3.1 (Build versions prior to 3119.001) allows a user to read and modify the database without authentication.
References: https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04
CWE-306: Missing Authentication for Critical Function