CVE-2019-10996 – Red Lion Crimson CD31 File Parsing Use-After-Free Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-10996
Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that can reference memory after it has been freed. Red Lion Controls Crimson, versión 3.0 y anterior y versión 3.1 anterior a la publicación 3112.00, permite que múltiples vulnerabilidades sean explotadas cuando un usuario válido abre un archivo de entrada malicioso especialmente diseñado que puede hacer referencia a la memoria después de que haya sido liberada. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Red Lion Crimson. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of CD31 files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. • https://www.us-cert.gov/ics/advisories/icsa-19-248-01 • CWE-416: Use After Free •
CVE-2019-10990 – Red Lion Crimson Hard-coded Cryptographic Key Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-10990
Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to access configuration files. Red Lion Controls Crimson, versión 3.0 y anterior y versión 3.1 anterior a la publicación 3112.00, utiliza una contraseña embebida para encriptar archivos protegidos en tránsito y en reposo, lo que puede permitir a un atacante acceder a los archivos de configuración. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Red Lion Crimson. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CTextStreamMemory class. The class contains hard-coded secrets in clear text. • https://www.us-cert.gov/ics/advisories/icsa-19-248-01 • CWE-321: Use of Hard-coded Cryptographic Key CWE-798: Use of Hard-coded Credentials •
CVE-2016-9335
https://notcve.org/view.php?id=CVE-2016-9335
A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride-Managed Ethernet Switches running firmware Version 5.0.190. Vulnerable versions of Stride-Managed Ethernet switches and Sixnet-Managed Industrial switches use hard-coded HTTP SSL/SSH keys for secure communication. Because these keys cannot be regenerated by users, all products use the same key. The attacker could disrupt communication or compromise the system. CVSS v3 base score: 10, CVSS vector string: (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). • https://ics-cert.us-cert.gov/advisories/ICSA-17-054-02 • CWE-321: Use of Hard-coded Cryptographic Key CWE-798: Use of Hard-coded Credentials •
CVE-2017-14855
https://notcve.org/view.php?id=CVE-2017-14855
Red Lion HMI panels allow remote attackers to cause a denial of service (software exception) via an HTTP POST request to a long URI that does not exist, as demonstrated by version HMI 2.41 PLC 2.42. Los paneles HMI de Red Lion permiten que los atacantes remotos provoquen una denegación de servicio (excepción de software) mediante una petición HTTP POST a un URI largo que no existe, tal y como se demuestra en la versión HMI 2.41 PLC 2.42. • http://misteralfa-hack.blogspot.cl/2017/12/red-lion-guru-mode-cve-2017-14855.html •
CVE-2017-16544 – Nexans FTTO GigaSwitch Outdated Components / Hardcoded Backdoor
https://notcve.org/view.php?id=CVE-2017-16544
In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks. En la función add_match en libbb/lineedit.c en BusyBox hasta la versión 1.27.2, la característica de autocompletar pestañas del shell, empleada para obtener una lista de nombres de archivo en un directorio, no inmuniza los nombres de archivo. Esto conduce a la ejecución de cualquier secuencia de escape en el terminal. Esto podría resultar en la ejecución de código, escrituras arbitrarias de archivos u otros ataques. • http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html http://seclists.org/fulldisclosure/2019/Jun/18 http://seclists.org/fulldisclosure/2019/Sep/7 http://seclists.org/fulldisclosure/2020/Aug/20 http://seclists.org/fulldisclosure/2020/Mar/15 http://seclists.org/fulldisclosure • CWE-94: Improper Control of Generation of Code ('Code Injection') •