CVE-2023-5719 – Red Lion Crimson Improper Neutralization of Null Byte or NUL Character
https://notcve.org/view.php?id=CVE-2023-5719
The Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent (%) character, invalid values will be included, potentially truncating the string if a NUL is encountered. If the simplified password is not detected by the administrator, the device might be left in a vulnerable state as a result of more easily compromised credentials. Note that passwords entered via the Crimson system web server do not suffer from this vulnerability. • https://support.redlion.net/hc/en-us/categories/360002087671-Security-Advisories https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-01 • CWE-158: Improper Neutralization of Null Byte or NUL Character
CVE-2023-34412 – Stored XSS vulnerability in mbnet, mbnet.rokey, REX 200 and REX 250
https://notcve.org/view.php?id=CVE-2023-34412
A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware versions lower than 7.3.2 allows an authenticated remote attacker with high privileges to inject malicious HTML or JavaScript code (XSS). • https://cert.vde.com/en/advisories/VDE-2023-012 https://cert.vde.com/en/advisories/VDE-2023-029 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-3090
https://notcve.org/view.php?id=CVE-2022-3090
Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 versions 3126.001 and prior, and Crimson 3.2 versions 3.2.0044.0 and prior are vulnerable to path traversal. When attempting to open a file using a specific path, the user's password hash is sent to an arbitrary host. This could allow an attacker to obtain user credential hashes. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-321-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-1039 – ICSA-22-104-03 Red Lion DA50N
https://notcve.org/view.php?id=CVE-2022-1039
The weak password on the web user interface can be exploited via HTTP or HTTPS. Once such access has been obtained, the other passwords can be changed. The weak password on Linux accounts can be accessed via SSH or Telnet, the former of which is by default enabled on trusted interfaces. While the SSH service does not support root login, a user logging in using either of the other Linux accounts may elevate to root access using the su command if they have access to the associated password. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-104-03 • CWE-521: Weak Password Requirements
CVE-2022-26516 – ICSA-22-104-03 Red Lion DA50N
https://notcve.org/view.php?id=CVE-2022-26516
Authorized users may install a maliciously modified package file when updating the device via the web user interface. The user may inadvertently use a package file obtained from an unauthorized source or a file that was compromised between download and deployment. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-104-03 • CWE-345: Insufficient Verification of Data Authenticity