CVSS: 10.0EPSS: 0%CPEs: 24EXPL: 0CVE-2023-5719 – Red Lion Crimson Improper Neutralization of Null Byte or NUL Character
https://notcve.org/view.php?id=CVE-2023-5719
06 Nov 2023 — The Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent (%) character, invalid values will be included, potentially truncating the string if a NUL is encountered. If the simplified password is not detected by the administrator, the device might be left in a vulnerable state as a result of more-easily compromised credentials. Note that pa... • https://support.redlion.net/hc/en-us/categories/360002087671-Security-Advisories • CWE-158: Improper Neutralization of Null Byte or NUL Character •
CVSS: 7.5EPSS: 0%CPEs: 121EXPL: 0CVE-2022-3090
https://notcve.org/view.php?id=CVE-2022-3090
17 Nov 2022 — Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 versions 3126.001 and prior, and Crimson 3.2 versions 3.2.0044.0 and prior are vulnerable to path traversal. When attempting to open a file using a specific path, the user's password hash is sent to an arbitrary host. This could allow an attacker to obtain user credential hashes. Red Lion Controls Crimson 3.0 versiones 707.000 y anteriores, Crimson 3.1 versiones 3126.001 y anteriores, y Crimson 3.2 versiones 3.2.0044.0 y anteriores son vu... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-321-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-27283
https://notcve.org/view.php?id=CVE-2020-27283
06 Jan 2021 — An attacker could send a specially crafted message to Crimson 3.1 (Build versions prior to 3119.001) that could leak arbitrary memory locations. Un atacante podría enviar un mensaje especialmente diseñado a Crimson versión 3.1 (versiones de Compilación anteriores a 3119.001) que podría filtrar ubicaciones de memoria arbitrarias • https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-27279
https://notcve.org/view.php?id=CVE-2020-27279
06 Jan 2021 — A NULL pointer deference vulnerability has been identified in the protocol converter. An attacker could send a specially crafted packet that could reboot the device running Crimson 3.1 (Build versions prior to 3119.001). Se ha identificado una vulnerabilidad de deferencia del puntero NULL en el convertidor de protocolo. Un atacante podría enviar un paquete especialmente diseñado que podría reiniciar el dispositivo que ejecuta Crimson versión 3.1 (versiones de Compilación anteriores a 3119.001) • https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04 • CWE-476: NULL Pointer Dereference •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-27285
https://notcve.org/view.php?id=CVE-2020-27285
06 Jan 2021 — The default configuration of Crimson 3.1 (Build versions prior to 3119.001) allows a user to be able to read and modify the database without authentication. La configuración predeterminada de Crimson versión 3.1 (versiones de compilación anteriores a 3119.001), permite a un usuario ser capaz de leer y modificar la base de datos sin autenticación • https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04 • CWE-306: Missing Authentication for Critical Function •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-10990 – Red Lion Crimson Hard-coded Cryptographic Key Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-10990
05 Sep 2019 — Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to access configuration files. Red Lion Controls Crimson, versión 3.0 y anterior y versión 3.1 anterior a la publicación 3112.00, utiliza una contraseña embebida para encriptar archivos protegidos en tránsito y en reposo, lo que puede permitir a un atacante acceder a los archivos de configuración. This vulnerabili... • https://www.us-cert.gov/ics/advisories/icsa-19-248-01 • CWE-321: Use of Hard-coded Cryptographic Key CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 1%CPEs: 2EXPL: 0CVE-2019-10996 – Red Lion Crimson CD31 File Parsing Use-After-Free Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-10996
05 Sep 2019 — Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that can reference memory after it has been freed. Red Lion Controls Crimson, versión 3.0 y anterior y versión 3.1 anterior a la publicación 3112.00, permite que múltiples vulnerabilidades sean explotadas cuando un usuario válido abre un archivo de entrada malicioso especialmente diseñado que puede hacer re... • https://www.us-cert.gov/ics/advisories/icsa-19-248-01 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-10978 – Red Lion Crimson CD31 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-10978
05 Sep 2019 — Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that operates outside of the designated memory area. Red Lion Controls Crimson, versión 3.0 y anterior y versión 3.1 anterior a la publicación 3112.00, permite que múltiples vulnerabilidades sean explotadas cuando un usuario válido abre un archivo de entrada malicioso especialmente diseñado que opera fuera ... • https://www.us-cert.gov/ics/advisories/icsa-19-248-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-10984 – Red Lion Crimson CD3 File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-10984
05 Sep 2019 — Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that causes the program to mishandle pointers. Red Lion Controls Crimson, versión 3.0 y anteriores y versión 3.1 anterior a la publicación 3112.00, permite que múltiples vulnerabilidades sean explotadas cuando un usuario válido abre un archivo de entrada malicioso especialmente diseñado que causa que el pro... • https://www.us-cert.gov/ics/advisories/icsa-19-248-01 • CWE-465: Pointer Issues •