Vulnerability-Lookup - Search a vulnerability

Vulnerability from fkie_nvd

Published

2019-09-23 16:15

Modified

2024-11-21 04:20

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that operates outside of the designated memory area.

References

▶	URL	Tags
	ics-cert@hq.dhs.gov	https://www.us-cert.gov/ics/advisories/icsa-19-248-01	Third Party Advisory, US Government Resource
	af854a3a-2127-422b-91ae-364da2661108	https://www.us-cert.gov/ics/advisories/icsa-19-248-01	Third Party Advisory, US Government Resource

Impacted products

	Vendor	Product	Version
	redlion	crimson	*
	redlion	crimson	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redlion:crimson:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "20C9472F-1425-468D-86E7-C91BCA30692D",
              "versionEndIncluding": "3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDDEB3A0-80D0-4A18-8F21-1BE069654E73",
              "versionEndExcluding": "3112.00",
              "versionStartIncluding": "3.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that operates outside of the designated memory area."
    },
    {
      "lang": "es",
      "value": "Red Lion Controls Crimson, versi\u00f3n 3.0 y anterior y versi\u00f3n 3.1 anterior a la publicaci\u00f3n 3112.00, permite que m\u00faltiples vulnerabilidades sean explotadas cuando un usuario v\u00e1lido abre un archivo de entrada malicioso especialmente dise\u00f1ado que opera fuera del \u00e1rea de memoria designada."
    }
  ],
  "id": "CVE-2019-10978",
  "lastModified": "2024-11-21T04:20:17.073",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-09-23T16:15:14.713",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2019-09-23 16:15

Modified

2024-11-21 04:20

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Summary

Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to access configuration files.

References

▶	URL	Tags
	ics-cert@hq.dhs.gov	https://www.us-cert.gov/ics/advisories/icsa-19-248-01	Mitigation, Third Party Advisory, US Government Resource
	af854a3a-2127-422b-91ae-364da2661108	https://www.us-cert.gov/ics/advisories/icsa-19-248-01	Mitigation, Third Party Advisory, US Government Resource

Impacted products

	Vendor	Product	Version
	redlion	crimson	*
	redlion	crimson	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redlion:crimson:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "20C9472F-1425-468D-86E7-C91BCA30692D",
              "versionEndIncluding": "3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDDEB3A0-80D0-4A18-8F21-1BE069654E73",
              "versionEndExcluding": "3112.00",
              "versionStartIncluding": "3.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to access configuration files."
    },
    {
      "lang": "es",
      "value": "Red Lion Controls Crimson, versi\u00f3n 3.0 y anterior y versi\u00f3n 3.1 anterior a la publicaci\u00f3n 3112.00, utiliza una contrase\u00f1a embebida para encriptar archivos protegidos en tr\u00e1nsito y en reposo, lo que puede permitir a un atacante acceder a los archivos de configuraci\u00f3n."
    }
  ],
  "id": "CVE-2019-10990",
  "lastModified": "2024-11-21T04:20:18.393",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-09-23T16:15:14.837",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Mitigation",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-321"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-798"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2019-09-23 16:15

Modified

2024-11-21 04:20

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that causes the program to mishandle pointers.

References

▶	URL	Tags
	ics-cert@hq.dhs.gov	https://www.us-cert.gov/ics/advisories/icsa-19-248-01	Third Party Advisory, US Government Resource
	af854a3a-2127-422b-91ae-364da2661108	https://www.us-cert.gov/ics/advisories/icsa-19-248-01	Third Party Advisory, US Government Resource

Impacted products

	Vendor	Product	Version
	redlion	crimson	*
	redlion	crimson	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redlion:crimson:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "20C9472F-1425-468D-86E7-C91BCA30692D",
              "versionEndIncluding": "3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDDEB3A0-80D0-4A18-8F21-1BE069654E73",
              "versionEndExcluding": "3112.00",
              "versionStartIncluding": "3.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that causes the program to mishandle pointers."
    },
    {
      "lang": "es",
      "value": "Red Lion Controls Crimson, versi\u00f3n 3.0 y anteriores y versi\u00f3n 3.1 anterior a la publicaci\u00f3n 3112.00, permite que m\u00faltiples vulnerabilidades sean explotadas cuando un usuario v\u00e1lido abre un archivo de entrada malicioso especialmente dise\u00f1ado que causa que el programa maneje inapropiadamente los punteros."
    }
  ],
  "id": "CVE-2019-10984",
  "lastModified": "2024-11-21T04:20:17.807",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-09-23T16:15:14.790",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-465"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-11-06 20:15

Modified

2024-11-21 08:42

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

The Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent (%) character, invalid values will be included, potentially truncating the string if a NUL is encountered. If the simplified password is not detected by the administrator, the device might be left in a vulnerable state as a result of more-easily compromised credentials. Note that passwords entered via the Crimson system web server do not suffer from this vulnerability.

References

URL	Tags
ics-cert@hq.dhs.gov	https://support.redlion.net/hc/en-us/categories/360002087671-Security-Advisories	Vendor Advisory
ics-cert@hq.dhs.gov	https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-01	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://support.redlion.net/hc/en-us/categories/360002087671-Security-Advisories	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-01	Third Party Advisory, US Government Resource

Impacted products

Vendor	Product	Version
redlion	crimson	*
redlion	crimson	3.2
redlion	crimson	3.2
redlion	crimson	3.2
redlion	crimson	3.2
redlion	crimson	3.2
redlion	crimson	3.2
redlion	crimson	3.2
redlion	crimson	3.2
redlion	crimson	3.2
redlion	crimson	3.2
redlion	crimson	3.2
redlion	crimson	3.2
redlion	crimson	3.2
redlion	crimson	3.2
redlion	crimson	3.2
redlion	crimson	3.2
redlion	crimson	3.2
redlion	crimson	3.2
redlion	crimson	3.2
redlion	crimson	3.2
redlion	crimson	3.2
redlion	da50a	-
redlion	da70a	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redlion:crimson:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4295D087-6FAF-4443-AC03-5D2DF83AE38E",
              "versionEndExcluding": "3.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0008.0:*:*:*:*:*:*",
              "matchCriteriaId": "2462AB8D-13B5-434F-B53F-AC43952C59D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0014.0:*:*:*:*:*:*",
              "matchCriteriaId": "7AEFD4D3-3A5E-4A97-8F8A-00A802EC046E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0015.0:*:*:*:*:*:*",
              "matchCriteriaId": "4FC7C595-57E9-46BE-A507-7155310F5BB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0016.0:*:*:*:*:*:*",
              "matchCriteriaId": "3EFBC0AE-1BDC-4159-8FA2-4626E1A02F17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0020.0:*:*:*:*:*:*",
              "matchCriteriaId": "1F6BEB68-BB83-488F-BAD1-674FDA11B7EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0021.0:*:*:*:*:*:*",
              "matchCriteriaId": "8C0B5D43-45BD-4A85-808F-8A0B9818F83A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0025.0:*:*:*:*:*:*",
              "matchCriteriaId": "7202BC35-500E-4DD5-BD65-5E5F849AB97D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0026.0:*:*:*:*:*:*",
              "matchCriteriaId": "EEE9C0C7-23DC-406E-B89C-CE7C66E4BBEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0030.0:*:*:*:*:*:*",
              "matchCriteriaId": "83A2D6CA-1BB5-4096-921B-4A722A97AA7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0031.0:*:*:*:*:*:*",
              "matchCriteriaId": "9254CF9B-4421-4808-873E-0D0C568FFC06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0035.0:*:*:*:*:*:*",
              "matchCriteriaId": "5FA689AC-FDFB-493F-86F0-5C8252B1DB2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0036.0:*:*:*:*:*:*",
              "matchCriteriaId": "AB9216B2-FA80-4B8E-B3E7-F1CA85534F2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0040.0:*:*:*:*:*:*",
              "matchCriteriaId": "89B84594-35D4-40AA-9E66-53D4F586F3F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0041.0:*:*:*:*:*:*",
              "matchCriteriaId": "85C30545-0932-4F9C-984E-FAAA464D3DC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0044.0:*:*:*:*:*:*",
              "matchCriteriaId": "C092F331-B3DD-4CA9-B855-B9D30454842C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0047.0:*:*:*:*:*:*",
              "matchCriteriaId": "D95F12E5-B703-4F62-BD8B-43AEB1E1716E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0050.0:*:*:*:*:*:*",
              "matchCriteriaId": "E31D51E4-FD61-4583-81A9-7F349523C7AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0051.0:*:*:*:*:*:*",
              "matchCriteriaId": "B413CDBE-65DF-4012-A17E-C97A869CD9F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0053.0:*:*:*:*:*:*",
              "matchCriteriaId": "B20CE831-D90B-41AB-88F7-6488799EF10D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0053.1:*:*:*:*:*:*",
              "matchCriteriaId": "A3BF2AD6-4B14-4A6D-AF6E-EFAF138D52C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0053.18:*:*:*:*:*:*",
              "matchCriteriaId": "57F4B49C-2A3B-4240-BF79-F0F91FA12E05",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:redlion:da50a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F375BCC0-0CC2-4ABE-8C9F-B22727E71A22",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:redlion:da70a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "58648F47-7CB3-4347-B8EF-5D71F1C9F1CF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "\nThe Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent (%) character, invalid values will be included, potentially truncating the string if a NUL is encountered. If the simplified password is not detected by the administrator, the device might be left in a vulnerable state as a result of more-easily compromised credentials. Note that passwords entered via the Crimson system web server do not suffer from this vulnerability.\n\n"
    },
    {
      "lang": "es",
      "value": "La herramienta de configuraci\u00f3n Crimson 3.2 basada en Windows permite a los usuarios con acceso administrativo definir nuevas contrase\u00f1as para los usuarios y descargar la configuraci\u00f3n de seguridad resultante a un dispositivo. Si dicha contrase\u00f1a contiene el car\u00e1cter de porcentaje (%), se incluir\u00e1n valores no v\u00e1lidos, lo que podr\u00eda truncar la cadena si se encuentra un NUL. Si el administrador no detecta la contrase\u00f1a simplificada, el dispositivo podr\u00eda quedar en un estado vulnerable como resultado de que las credenciales se vean comprometidas m\u00e1s f\u00e1cilmente. Tenga en cuenta que las contrase\u00f1as ingresadas a trav\u00e9s del servidor web del sistema Crimson no sufren esta vulnerabilidad."
    }
  ],
  "id": "CVE-2023-5719",
  "lastModified": "2024-11-21T08:42:21.013",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "ics-cert@hq.dhs.gov",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-11-06T20:15:07.950",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.redlion.net/hc/en-us/categories/360002087671-Security-Advisories"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.redlion.net/hc/en-us/categories/360002087671-Security-Advisories"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-158"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2022-11-17 22:15

Modified

2024-11-21 07:18

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 versions 3126.001 and prior, and Crimson 3.2 versions 3.2.0044.0 and prior are vulnerable to path traversal. When attempting to open a file using a specific path, the user's password hash is sent to an arbitrary host. This could allow an attacker to obtain user credential hashes.

References

▶	URL	Tags
	ics-cert@hq.dhs.gov	https://www.cisa.gov/uscert/ics/advisories/icsa-22-321-01	Third Party Advisory, US Government Resource
	af854a3a-2127-422b-91ae-364da2661108	https://www.cisa.gov/uscert/ics/advisories/icsa-22-321-01	Third Party Advisory, US Government Resource

Impacted products

Vendor	Product	Version
redlion	crimson	*
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.0
redlion	crimson	3.1
redlion	crimson	3.1
redlion	crimson	3.1
redlion	crimson	3.1
redlion	crimson	3.1
redlion	crimson	3.1
redlion	crimson	3.1
redlion	crimson	3.1
redlion	crimson	3.1
redlion	crimson	3.1
redlion	crimson	3.1
redlion	crimson	3.1
redlion	crimson	3.1
redlion	crimson	3.1
redlion	crimson	3.1
redlion	crimson	3.1
redlion	crimson	3.1
redlion	crimson	3.1
redlion	crimson	3.1
redlion	crimson	3.1
redlion	crimson	3.1
redlion	crimson	3.1
redlion	crimson	3.1
redlion	crimson	3.1
redlion	crimson	3.1
redlion	crimson	3.1
redlion	crimson	3.1
redlion	crimson	3.1
redlion	crimson	3.1
redlion	crimson	3.1
redlion	crimson	3.1
redlion	crimson	3.1
redlion	crimson	3.1
redlion	crimson	3.1
redlion	crimson	3.1
redlion	crimson	3.1
redlion	crimson	3.1
redlion	crimson	3.1
redlion	crimson	3.1
redlion	crimson	3.1
redlion	crimson	3.1
redlion	crimson	3.2
redlion	crimson	3.2
redlion	crimson	3.2
redlion	crimson	3.2
redlion	crimson	3.2
redlion	crimson	3.2
redlion	crimson	3.2
redlion	crimson	3.2
redlion	crimson	3.2
redlion	crimson	3.2
redlion	crimson	3.2
redlion	crimson	3.2
redlion	crimson	3.2
redlion	crimson	3.2
redlion	crimson	3.2
redlion	crimson	3.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redlion:crimson:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD20B4A3-0918-46D1-B589-3393BE7EF5FF",
              "versionEndExcluding": "3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "CD2A9A9A-0E39-4DCB-B7FB-66C5C9F92EE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_477.003:*:*:*:*:*:*",
              "matchCriteriaId": "E5C6FAD8-FE55-4D8A-8716-DACC58072DC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_493.003:*:*:*:*:*:*",
              "matchCriteriaId": "6BD524DE-13F4-4860-B64B-ABDEC69A31A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_493.004:*:*:*:*:*:*",
              "matchCriteriaId": "C392CE80-2434-4D51-8A06-35075DBB4781",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_493.005:*:*:*:*:*:*",
              "matchCriteriaId": "4C290027-C1A9-4835-B12F-2237B83246BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_502.000:*:*:*:*:*:*",
              "matchCriteriaId": "EF173B3B-9598-4CA7-98E0-254966A877BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_502.001:*:*:*:*:*:*",
              "matchCriteriaId": "D141087B-1985-4C6E-9DAC-D895558549F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_502.003:*:*:*:*:*:*",
              "matchCriteriaId": "8CC060CF-A718-4EF5-B631-1CA84DB5C585",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_515.002:*:*:*:*:*:*",
              "matchCriteriaId": "5513BEF5-6DD2-48D1-9F97-29489032B1FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_515.003:*:*:*:*:*:*",
              "matchCriteriaId": "BD1F2913-490C-405B-B2CF-5BE179BBA939",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_523.003:*:*:*:*:*:*",
              "matchCriteriaId": "B97A0068-EC7C-47EB-B086-014D35324D6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_530.000:*:*:*:*:*:*",
              "matchCriteriaId": "1EA3107F-CEA0-40C1-85B3-71F7AA0F5D44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_530.001:*:*:*:*:*:*",
              "matchCriteriaId": "58828C17-CA25-4A82-ADA9-0B205B335F7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_530.002:*:*:*:*:*:*",
              "matchCriteriaId": "482B8A43-B5A6-4EFA-A524-B570C118905C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_530.003:*:*:*:*:*:*",
              "matchCriteriaId": "AB7F2E5C-783F-40E5-AE04-1619E677A358",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_548.001:*:*:*:*:*:*",
              "matchCriteriaId": "819AC791-1A5D-475F-A92B-9FCDD2536F8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_548.005:*:*:*:*:*:*",
              "matchCriteriaId": "C9DB3C3E-FA86-4AC2-BF5B-C214C111BAFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_573.001:*:*:*:*:*:*",
              "matchCriteriaId": "32BECE93-E534-4233-90A5-271D7DFBA69C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_573.002:*:*:*:*:*:*",
              "matchCriteriaId": "04991137-C936-42EF-BC0A-64E7BD060A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_579.001:*:*:*:*:*:*",
              "matchCriteriaId": "5E825360-9C11-4621-8E95-771283A8C595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_579.003:*:*:*:*:*:*",
              "matchCriteriaId": "F1631E25-25F0-48DA-8D21-E721FB958628",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_582.000:*:*:*:*:*:*",
              "matchCriteriaId": "30243F2C-E2A2-446D-A53C-0A2D224CC0EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_582.001:*:*:*:*:*:*",
              "matchCriteriaId": "23A4FBD2-D9BD-4F49-9BE9-4F513A489276",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_582.003:*:*:*:*:*:*",
              "matchCriteriaId": "55BD764E-C72C-4B1B-848E-14802E3A9556",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_582.004:*:*:*:*:*:*",
              "matchCriteriaId": "5BC101DD-44E8-4F51-B3BC-EE7BFECEDF3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_599.000:*:*:*:*:*:*",
              "matchCriteriaId": "D1CCFBD2-69BE-4887-876F-FD78AC2E968D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_599.001:*:*:*:*:*:*",
              "matchCriteriaId": "07E59B30-ABA5-4A4B-AA01-1907C8014B7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_603.000:*:*:*:*:*:*",
              "matchCriteriaId": "0182346F-CFFC-4153-B8D7-B6CF760F886C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_605.002:*:*:*:*:*:*",
              "matchCriteriaId": "4EA96CB1-2CE1-43EB-9378-450E3CC007E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_615.004:*:*:*:*:*:*",
              "matchCriteriaId": "058DF1BE-B53F-4BAD-934F-0AD8FAB75FEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_619.002:*:*:*:*:*:*",
              "matchCriteriaId": "D308405B-869C-4D87-84DF-7A669A701DDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_619.004:*:*:*:*:*:*",
              "matchCriteriaId": "5C73AD75-E6CB-4A29-AEC0-5FA90010B77B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_624.000:*:*:*:*:*:*",
              "matchCriteriaId": "BDE624CE-3561-48F0-9075-41E86680B369",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_624.005:*:*:*:*:*:*",
              "matchCriteriaId": "F7D1F1FD-0928-436E-8533-544C4C43D1BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_635.000:*:*:*:*:*:*",
              "matchCriteriaId": "333AAC85-4F02-435F-945D-89017D912611",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_635.001:*:*:*:*:*:*",
              "matchCriteriaId": "A4BB200E-1279-4100-8281-8161299F8769",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_639.000:*:*:*:*:*:*",
              "matchCriteriaId": "2D5428C8-B2EC-43C8-8AF4-B41FAF625C85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_640.000:*:*:*:*:*:*",
              "matchCriteriaId": "255362CF-BC54-46AC-A082-9E8508B09DE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_640.001:*:*:*:*:*:*",
              "matchCriteriaId": "EDA47C72-B49C-4556-9B67-2C3EF7E519D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_640.002:*:*:*:*:*:*",
              "matchCriteriaId": "BFF7FA01-49D5-4B78-85B4-5AEC08F45F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_647.002:*:*:*:*:*:*",
              "matchCriteriaId": "21623993-816B-4A64-BB37-E4E4A5C24A86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_657.001:*:*:*:*:*:*",
              "matchCriteriaId": "481BA483-E4EC-40C3-91BF-B382DFBC8A15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_657.003:*:*:*:*:*:*",
              "matchCriteriaId": "3EF367C8-322E-4B89-B9A7-7B1DFF8798FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_662.002:*:*:*:*:*:*",
              "matchCriteriaId": "5A18054B-13F5-4CEF-AFBD-C3D660E3891C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_662.006:*:*:*:*:*:*",
              "matchCriteriaId": "8AE60BE2-C1D1-43D6-A48D-7C7B351CB6DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_675.000:*:*:*:*:*:*",
              "matchCriteriaId": "7A9BB7D4-A210-41FF-AAA1-D5CD0CC07C1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_678.002:*:*:*:*:*:*",
              "matchCriteriaId": "7B6D4609-47D1-4BB8-93CE-2FC4C219E7A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_683.000:*:*:*:*:*:*",
              "matchCriteriaId": "0B716D98-836E-4FF0-BBE6-1ABE8C962EDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_683.001:*:*:*:*:*:*",
              "matchCriteriaId": "E12C93CE-D6F9-4398-A988-42CFBD1454C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_683.002:*:*:*:*:*:*",
              "matchCriteriaId": "794315C2-079E-4063-B1E4-C1B21B6AB45E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_690.001:*:*:*:*:*:*",
              "matchCriteriaId": "1CE88160-F135-44C7-AEFE-9F4DFC05CC54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_690.002:*:*:*:*:*:*",
              "matchCriteriaId": "1B4E0DCE-CC6A-460B-844C-657187C496C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_693.000:*:*:*:*:*:*",
              "matchCriteriaId": "EF65E301-D47C-4FBB-8A0F-B43C11388936",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_694.000:*:*:*:*:*:*",
              "matchCriteriaId": "2167BF20-6A1A-49FE-ACE2-15232A2B2D59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_697.001:*:*:*:*:*:*",
              "matchCriteriaId": "B33B8DAA-BEE3-46A8-92BF-8EDC4E05EEA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_697.002:*:*:*:*:*:*",
              "matchCriteriaId": "8AC3890F-2C30-47DF-BF7E-398AB4AA7DD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_697.003:*:*:*:*:*:*",
              "matchCriteriaId": "3237341F-F771-4DA5-8FB8-90B8A42B9BFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_700.000:*:*:*:*:*:*",
              "matchCriteriaId": "BC75A7D8-AE81-43E9-A1F5-0CCD995B5266",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_702.002:*:*:*:*:*:*",
              "matchCriteriaId": "4421B3A0-D9B9-4DDB-8F7B-748920483819",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_702.004:*:*:*:*:*:*",
              "matchCriteriaId": "3126A4CF-9ECE-4C7F-8D7D-EE1785645E57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_703.001:*:*:*:*:*:*",
              "matchCriteriaId": "3370F739-B6FA-476C-98AD-15329C0DF368",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_705.000:*:*:*:*:*:*",
              "matchCriteriaId": "C10F32FD-3A78-4C4B-99CE-D6E660BD3680",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.0:build_707.000:*:*:*:*:*:*",
              "matchCriteriaId": "E081D1CB-5479-4629-8B1F-649BAED95893",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "7EDD5D63-A62C-4CCF-92CC-DDC04B2C9394",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3100.000:*:*:*:*:*:*",
              "matchCriteriaId": "42E389EB-D26E-4733-8DC1-C0B7FF73CA68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3100.002:*:*:*:*:*:*",
              "matchCriteriaId": "117A2023-798F-4829-8249-ACCC49A57064",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3100.003:*:*:*:*:*:*",
              "matchCriteriaId": "938C0243-9A8E-42A7-81D6-C4E2DFCDD995",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3100.008:*:*:*:*:*:*",
              "matchCriteriaId": "C51F7243-90AE-46A2-A292-B07CE332E7AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3100.009:*:*:*:*:*:*",
              "matchCriteriaId": "1C250714-2F91-44CC-A9BF-D0E2A48EC2C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3100.010:*:*:*:*:*:*",
              "matchCriteriaId": "669E041F-5209-4430-8D30-9FBCB061C1D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3101.001:*:*:*:*:*:*",
              "matchCriteriaId": "91E69A39-450E-4C00-BB7D-873735FF09D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3104.000:*:*:*:*:*:*",
              "matchCriteriaId": "1AE35564-E812-45F6-AA03-9FD6AD7DA8CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3106.000:*:*:*:*:*:*",
              "matchCriteriaId": "C9D8D132-7A5E-42D7-B679-AE2D8DD218D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3106.004:*:*:*:*:*:*",
              "matchCriteriaId": "9C597C17-2D73-407D-A783-CF4C3379F0AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3108.002:*:*:*:*:*:*",
              "matchCriteriaId": "5B53ABF6-687A-4FEA-B00B-E3164775B071",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3108.004:*:*:*:*:*:*",
              "matchCriteriaId": "3C2A8184-C0DC-40AD-AF7A-0FC6CBDD5D8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3109.003:*:*:*:*:*:*",
              "matchCriteriaId": "78A264F8-AD8F-488A-A8E8-C073092740B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3109.004:*:*:*:*:*:*",
              "matchCriteriaId": "2CA78AF9-1417-4AEA-82F8-7BED6A5D695C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3110.000:*:*:*:*:*:*",
              "matchCriteriaId": "E45F42D4-B88E-4740-A961-9C180DCC6FFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3110.002:*:*:*:*:*:*",
              "matchCriteriaId": "61A70D40-854E-490A-87CE-85EED9761AC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3110.004:*:*:*:*:*:*",
              "matchCriteriaId": "1911872C-9341-48A1-A6FD-07D1C7B56BD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3111.000:*:*:*:*:*:*",
              "matchCriteriaId": "00470300-FB88-4114-8FAF-36314F21A227",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3112.000:*:*:*:*:*:*",
              "matchCriteriaId": "8F636A15-BFA0-470F-86E4-49666ACB4191",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3113.000:*:*:*:*:*:*",
              "matchCriteriaId": "DB1AA647-DC3D-433E-A455-1BBA6B919EBC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3114.002:*:*:*:*:*:*",
              "matchCriteriaId": "E4C0F453-2F46-4A3D-A1A5-69A78B56578A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3115.006:*:*:*:*:*:*",
              "matchCriteriaId": "B49293D9-3EF9-4755-AA2F-6A940F66ED0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3115.008:*:*:*:*:*:*",
              "matchCriteriaId": "9D2A4AEC-93FD-4CC1-9FE6-CF616407CDA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3115.009:*:*:*:*:*:*",
              "matchCriteriaId": "15856A25-445F-42F9-9BAD-1EFFDB8320CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3116.000:*:*:*:*:*:*",
              "matchCriteriaId": "92A98980-1131-4338-BEEE-BF65E4ED5D6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3119.001:*:*:*:*:*:*",
              "matchCriteriaId": "8E69870C-D803-42E8-A380-547E74C0DAB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3119.002:*:*:*:*:*:*",
              "matchCriteriaId": "C72C69C6-FC2D-4A9B-8FBA-8433C0A49A99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3120.000:*:*:*:*:*:*",
              "matchCriteriaId": "EA0B1875-1D3C-4F9A-815B-3A822F54B314",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3120.001:*:*:*:*:*:*",
              "matchCriteriaId": "80E5CF3E-5F8C-4448-B9AD-760EC4F3EFD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3121.000:*:*:*:*:*:*",
              "matchCriteriaId": "827DF512-A83C-4BB6-9A9E-BEBE321E5DE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3122.000:*:*:*:*:*:*",
              "matchCriteriaId": "B9D6E436-FD9D-4487-9493-ABB5175DF20F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3122.001:*:*:*:*:*:*",
              "matchCriteriaId": "04524BEB-7DC2-4F02-A6B5-4E2E4A767329",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3123.000:*:*:*:*:*:*",
              "matchCriteriaId": "890AE6A8-CCDC-40A9-B094-A1C61DAEDE8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3123.001:*:*:*:*:*:*",
              "matchCriteriaId": "2B9500D2-4429-4AF5-9F87-38BC2344F75C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3124.000:*:*:*:*:*:*",
              "matchCriteriaId": "29FB4BA1-3CCD-41D6-94E0-E9548790A8D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3125.003:*:*:*:*:*:*",
              "matchCriteriaId": "F9A16ED0-E81B-4720-BE03-0A45D69D73C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3125.006:*:*:*:*:*:*",
              "matchCriteriaId": "349D42CE-EC9D-4671-94C9-B8DAFC2C9307",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3125.007:*:*:*:*:*:*",
              "matchCriteriaId": "4695353C-274A-41B1-A363-1F1E7D23D2D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3126.000:*:*:*:*:*:*",
              "matchCriteriaId": "5EBA03E2-16D7-4C52-96C3-904C8E2ABE98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.1:build_3126.001:*:*:*:*:*:*",
              "matchCriteriaId": "4C211F1D-57D5-4BEB-B3A2-E6BA1AD7B377",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "7AF3083B-B556-40D4-83DF-46FFB2EB92E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0008.0:*:*:*:*:*:*",
              "matchCriteriaId": "2462AB8D-13B5-434F-B53F-AC43952C59D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0014.0:*:*:*:*:*:*",
              "matchCriteriaId": "7AEFD4D3-3A5E-4A97-8F8A-00A802EC046E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0015.0:*:*:*:*:*:*",
              "matchCriteriaId": "4FC7C595-57E9-46BE-A507-7155310F5BB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0016.0:*:*:*:*:*:*",
              "matchCriteriaId": "3EFBC0AE-1BDC-4159-8FA2-4626E1A02F17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0020.0:*:*:*:*:*:*",
              "matchCriteriaId": "1F6BEB68-BB83-488F-BAD1-674FDA11B7EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0021.0:*:*:*:*:*:*",
              "matchCriteriaId": "8C0B5D43-45BD-4A85-808F-8A0B9818F83A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0025.0:*:*:*:*:*:*",
              "matchCriteriaId": "7202BC35-500E-4DD5-BD65-5E5F849AB97D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0026.0:*:*:*:*:*:*",
              "matchCriteriaId": "EEE9C0C7-23DC-406E-B89C-CE7C66E4BBEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0030.0:*:*:*:*:*:*",
              "matchCriteriaId": "83A2D6CA-1BB5-4096-921B-4A722A97AA7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0031.0:*:*:*:*:*:*",
              "matchCriteriaId": "9254CF9B-4421-4808-873E-0D0C568FFC06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0035.0:*:*:*:*:*:*",
              "matchCriteriaId": "5FA689AC-FDFB-493F-86F0-5C8252B1DB2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0036.0:*:*:*:*:*:*",
              "matchCriteriaId": "AB9216B2-FA80-4B8E-B3E7-F1CA85534F2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0040.0:*:*:*:*:*:*",
              "matchCriteriaId": "89B84594-35D4-40AA-9E66-53D4F586F3F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0041.0:*:*:*:*:*:*",
              "matchCriteriaId": "85C30545-0932-4F9C-984E-FAAA464D3DC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.2:build_3.2.0044.0:*:*:*:*:*:*",
              "matchCriteriaId": "C092F331-B3DD-4CA9-B855-B9D30454842C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 versions 3126.001 and prior, and Crimson 3.2 versions 3.2.0044.0 and prior are vulnerable to path traversal. When attempting to open a file using a specific path, the user\u0027s password hash is sent to an arbitrary host. This could allow an attacker to obtain user credential hashes."
    },
    {
      "lang": "es",
      "value": "Red Lion Controls Crimson 3.0 versiones 707.000 y anteriores, Crimson 3.1 versiones 3126.001 y anteriores, y Crimson 3.2 versiones 3.2.0044.0 y anteriores son vulnerables al path traversal. Al intentar abrir un archivo usando una ruta espec\u00edfica, el hash de la contrase\u00f1a del usuario se env\u00eda a un host arbitrario. Esto podr\u00eda permitir a un atacante obtener hashes de credenciales de usuario."
    }
  ],
  "id": "CVE-2022-3090",
  "lastModified": "2024-11-21T07:18:48.330",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "ics-cert@hq.dhs.gov",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-11-17T22:15:10.700",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-321-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-321-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2019-09-23 16:15

Modified

2024-11-21 04:20

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that can reference memory after it has been freed.

References

▶	URL	Tags
	ics-cert@hq.dhs.gov	https://www.us-cert.gov/ics/advisories/icsa-19-248-01	Third Party Advisory, US Government Resource
	af854a3a-2127-422b-91ae-364da2661108	https://www.us-cert.gov/ics/advisories/icsa-19-248-01	Third Party Advisory, US Government Resource

Impacted products

	Vendor	Product	Version
	redlion	crimson	*
	redlion	crimson	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redlion:crimson:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "20C9472F-1425-468D-86E7-C91BCA30692D",
              "versionEndIncluding": "3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redlion:crimson:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDDEB3A0-80D0-4A18-8F21-1BE069654E73",
              "versionEndExcluding": "3112.00",
              "versionStartIncluding": "3.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that can reference memory after it has been freed."
    },
    {
      "lang": "es",
      "value": "Red Lion Controls Crimson, versi\u00f3n 3.0 y anterior y versi\u00f3n 3.1 anterior a la publicaci\u00f3n 3112.00, permite que m\u00faltiples vulnerabilidades sean explotadas cuando un usuario v\u00e1lido abre un archivo de entrada malicioso especialmente dise\u00f1ado que puede hacer referencia a la memoria despu\u00e9s de que haya sido liberada."
    }
  ],
  "id": "CVE-2019-10996",
  "lastModified": "2024-11-21T04:20:19.120",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-09-23T16:15:14.897",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-01-06 16:15

Modified

2024-11-21 05:20

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

A NULL pointer deference vulnerability has been identified in the protocol converter. An attacker could send a specially crafted packet that could reboot the device running Crimson 3.1 (Build versions prior to 3119.001).

References

▶	URL	Tags
	ics-cert@hq.dhs.gov	https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04	Third Party Advisory, US Government Resource
	af854a3a-2127-422b-91ae-364da2661108	https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04	Third Party Advisory, US Government Resource

Impacted products

	Vendor	Product	Version
	redlion	crimson	3.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "921EFEC7-A52F-4C69-B5EC-29067036D1F4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A NULL pointer deference vulnerability has been identified in the protocol converter. An attacker could send a specially crafted packet that could reboot the device running Crimson 3.1 (Build versions prior to 3119.001)."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad de deferencia del puntero NULL en el convertidor de protocolo.\u0026#xa0;Un atacante podr\u00eda enviar un paquete especialmente dise\u00f1ado que podr\u00eda reiniciar el dispositivo que ejecuta Crimson versi\u00f3n 3.1 (versiones de Compilaci\u00f3n anteriores a 3119.001)"
    }
  ],
  "id": "CVE-2020-27279",
  "lastModified": "2024-11-21T05:20:59.237",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-01-06T16:15:12.283",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-01-06 16:15

Modified

2024-11-21 05:20

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

An attacker could send a specially crafted message to Crimson 3.1 (Build versions prior to 3119.001) that could leak arbitrary memory locations.

References

▶	URL	Tags
	ics-cert@hq.dhs.gov	https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04	Third Party Advisory, US Government Resource
	af854a3a-2127-422b-91ae-364da2661108	https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04	Third Party Advisory, US Government Resource

Impacted products

	Vendor	Product	Version
	redlion	crimson	3.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "921EFEC7-A52F-4C69-B5EC-29067036D1F4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An attacker could send a specially crafted message to Crimson 3.1 (Build versions prior to 3119.001) that could leak arbitrary memory locations."
    },
    {
      "lang": "es",
      "value": "Un atacante podr\u00eda enviar un mensaje especialmente dise\u00f1ado a Crimson versi\u00f3n 3.1 (versiones de Compilaci\u00f3n anteriores a 3119.001) que podr\u00eda filtrar ubicaciones de memoria arbitrarias"
    }
  ],
  "id": "CVE-2020-27283",
  "lastModified": "2024-11-21T05:20:59.630",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-01-06T16:15:12.360",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-404"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-404"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-01-06 15:15

Modified

2024-11-21 05:20

Severity ?

9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Summary

The default configuration of Crimson 3.1 (Build versions prior to 3119.001) allows a user to be able to read and modify the database without authentication.

References

▶	URL	Tags
	ics-cert@hq.dhs.gov	https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04	Third Party Advisory, US Government Resource
	af854a3a-2127-422b-91ae-364da2661108	https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04	Third Party Advisory, US Government Resource

Impacted products

	Vendor	Product	Version
	redlion	crimson	3.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redlion:crimson:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "921EFEC7-A52F-4C69-B5EC-29067036D1F4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The default configuration of Crimson 3.1 (Build versions prior to 3119.001) allows a user to be able to read and modify the database without authentication."
    },
    {
      "lang": "es",
      "value": "La configuraci\u00f3n predeterminada de Crimson versi\u00f3n 3.1 (versiones de compilaci\u00f3n anteriores a 3119.001), permite a un usuario ser capaz de leer y modificar la base de datos sin autenticaci\u00f3n"
    }
  ],
  "id": "CVE-2020-27285",
  "lastModified": "2024-11-21T05:20:59.840",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-01-06T15:15:14.600",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2019-10984 (GCVE-0-2019-10984)

Vulnerability from cvelistv5

Published

2019-09-23 15:58

Modified

2024-08-04 22:40

Severity ?

CWE

CWE-465 - POINTER ISSUES

Summary

Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that causes the program to mishandle pointers.

References

►

URL

Tags

https://www.us-cert.gov/ics/advisories/icsa-19-248-01

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Red Lion Controls Crimson (Windows configuration software)	Version: Version 3.0 and prior, Version 3.1 prior to release 3112.00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:40:15.699Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Red Lion Controls Crimson (Windows configuration software)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Version 3.0 and prior, Version 3.1 prior to release 3112.00"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that causes the program to mishandle pointers."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-465",
              "description": "POINTER ISSUES CWE-465",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-09-23T15:58:41",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2019-10984",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Red Lion Controls Crimson (Windows configuration software)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Version 3.0 and prior, Version 3.1 prior to release 3112.00"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that causes the program to mishandle pointers."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "POINTER ISSUES CWE-465"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01",
              "refsource": "MISC",
              "url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2019-10984",
    "datePublished": "2019-09-23T15:58:41",
    "dateReserved": "2019-04-08T00:00:00",
    "dateUpdated": "2024-08-04T22:40:15.699Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-27283 (GCVE-0-2020-27283)

Vulnerability from cvelistv5

Published

2021-01-06 15:05

Modified

2024-08-04 16:11

Severity ?

CWE

CWE-404 - IMPROPER RESOURCE SHUTDOWN OR RELEASE

Summary

An attacker could send a specially crafted message to Crimson 3.1 (Build versions prior to 3119.001) that could leak arbitrary memory locations.

References

►

URL

Tags

https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Crimson 3.1	Version: Build versions prior to 3119.001

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:11:36.591Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Crimson 3.1",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Build versions prior to 3119.001"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An attacker could send a specially crafted message to Crimson 3.1 (Build versions prior to 3119.001) that could leak arbitrary memory locations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-404",
              "description": "IMPROPER RESOURCE SHUTDOWN OR RELEASE CWE-404",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-06T15:05:07",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2020-27283",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Crimson 3.1",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Build versions prior to 3119.001"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An attacker could send a specially crafted message to Crimson 3.1 (Build versions prior to 3119.001) that could leak arbitrary memory locations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "IMPROPER RESOURCE SHUTDOWN OR RELEASE CWE-404"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2020-27283",
    "datePublished": "2021-01-06T15:05:07",
    "dateReserved": "2020-10-19T00:00:00",
    "dateUpdated": "2024-08-04T16:11:36.591Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-5719 (GCVE-0-2023-5719)

Vulnerability from cvelistv5

Published

2023-11-06 19:33

Modified

2025-01-16 21:26

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-158 - Improper Neutralization of Null Byte or NUL Character

Summary

The Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent (%) character, invalid values will be included, potentially truncating the string if a NUL is encountered. If the simplified password is not detected by the administrator, the device might be left in a vulnerable state as a result of more-easily compromised credentials. Note that passwords entered via the Crimson system web server do not suffer from this vulnerability.

References

►

URL

Tags

	https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-01
	https://support.redlion.net/hc/en-us/categories/360002087671-Security-Advisories

Impacted products

	Vendor	Product	Version
	Red Lion	Crimson	Version: 0 <

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:07:32.638Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-01"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.redlion.net/hc/en-us/categories/360002087671-Security-Advisories"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-5719",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-16T21:19:56.453751Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-16T21:26:43.011Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Crimson",
          "vendor": "Red Lion",
          "versions": [
            {
              "lessThanOrEqual": "v3.2.0053.18",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Alexander Ratelle of Hepburn Engineering Inc. reported this vulnerability to Red Lion."
        }
      ],
      "datePublic": "2023-11-02T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent (%) character, invalid values will be included, potentially truncating the string if a NUL is encountered. If the simplified password is not detected by the administrator, the device might be left in a vulnerable state as a result of more-easily compromised credentials. Note that passwords entered via the Crimson system web server do not suffer from this vulnerability.\u003c/span\u003e\n\n"
            }
          ],
          "value": "\nThe Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent (%) character, invalid values will be included, potentially truncating the string if a NUL is encountered. If the simplified password is not detected by the administrator, the device might be left in a vulnerable state as a result of more-easily compromised credentials. Note that passwords entered via the Crimson system web server do not suffer from this vulnerability.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-158",
              "description": "CWE-158 Improper Neutralization of Null Byte or NUL Character",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-06T19:33:20.369Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-01"
        },
        {
          "url": "https://support.redlion.net/hc/en-us/categories/360002087671-Security-Advisories"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cp\u003eRed Lion recommends updating the Crimson configuration tool to version 3.2.0063 or later by using the automatic update feature or visiting the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.redlion.net/node/16883\"\u003eRed Lion website\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eAny existing or new accounts created should refrain from using the percent (%) character in the configured password in versions 3.2.0053.18 or below.\u003c/p\u003e\u003cp\u003eFor more information refer to Red Lion\u0027s security advisory \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.redlion.net/hc/en-us/categories/360002087671-Security-Advisories\"\u003eRLCSIM-2023-04\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "\nRed Lion recommends updating the Crimson configuration tool to version 3.2.0063 or later by using the automatic update feature or visiting the  Red Lion website https://www.redlion.net/node/16883 .\n\nAny existing or new accounts created should refrain from using the percent (%) character in the configured password in versions 3.2.0053.18 or below.\n\nFor more information refer to Red Lion\u0027s security advisory  RLCSIM-2023-04 https://support.redlion.net/hc/en-us/categories/360002087671-Security-Advisories .\n\n\n\n\n"
        }
      ],
      "source": {
        "advisory": "ICSA-23-306-01",
        "discovery": "EXTERNAL"
      },
      "title": "Red Lion Crimson Improper Neutralization of Null Byte or NUL Character",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2023-5719",
    "datePublished": "2023-11-06T19:33:20.369Z",
    "dateReserved": "2023-10-23T13:58:41.363Z",
    "dateUpdated": "2025-01-16T21:26:43.011Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-10978 (GCVE-0-2019-10978)

Vulnerability from cvelistv5

Published

2019-09-23 15:58

Modified

2024-08-04 22:40

Severity ?

CWE

CWE-119 - IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER

Summary

Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that operates outside of the designated memory area.

References

►

URL

Tags

https://www.us-cert.gov/ics/advisories/icsa-19-248-01

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Red Lion Controls Crimson (Windows configuration software)	Version: Version 3.0 and prior, Version 3.1 prior to release 3112.00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:40:15.538Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Red Lion Controls Crimson (Windows configuration software)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Version 3.0 and prior, Version 3.1 prior to release 3112.00"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that operates outside of the designated memory area."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-09-23T15:58:32",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2019-10978",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Red Lion Controls Crimson (Windows configuration software)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Version 3.0 and prior, Version 3.1 prior to release 3112.00"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that operates outside of the designated memory area."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01",
              "refsource": "MISC",
              "url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2019-10978",
    "datePublished": "2019-09-23T15:58:32",
    "dateReserved": "2019-04-08T00:00:00",
    "dateUpdated": "2024-08-04T22:40:15.538Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-27285 (GCVE-0-2020-27285)

Vulnerability from cvelistv5

Published

2021-01-06 15:01

Modified

2024-08-04 16:11

Severity ?

CWE

CWE-306 - MISSING AUTHENTICATION FOR CRITICAL FUNCTION

Summary

The default configuration of Crimson 3.1 (Build versions prior to 3119.001) allows a user to be able to read and modify the database without authentication.

References

►

URL

Tags

https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Crimson 3.1	Version: Build versions prior to 3119.001

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:11:36.571Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Crimson 3.1",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Build versions prior to 3119.001"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The default configuration of Crimson 3.1 (Build versions prior to 3119.001) allows a user to be able to read and modify the database without authentication."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-06T15:01:44",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2020-27285",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Crimson 3.1",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Build versions prior to 3119.001"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The default configuration of Crimson 3.1 (Build versions prior to 3119.001) allows a user to be able to read and modify the database without authentication."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2020-27285",
    "datePublished": "2021-01-06T15:01:44",
    "dateReserved": "2020-10-19T00:00:00",
    "dateUpdated": "2024-08-04T16:11:36.571Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-27279 (GCVE-0-2020-27279)

Vulnerability from cvelistv5

Published

2021-01-06 15:03

Modified

2024-08-04 16:11

Severity ?

CWE

CWE-476 - NULL POINTER DEREFERENCE

Summary

A NULL pointer deference vulnerability has been identified in the protocol converter. An attacker could send a specially crafted packet that could reboot the device running Crimson 3.1 (Build versions prior to 3119.001).

References

►

URL

Tags

https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Crimson 3.1	Version: Build versions prior to 3119.001

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:11:36.610Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Crimson 3.1",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Build versions prior to 3119.001"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A NULL pointer deference vulnerability has been identified in the protocol converter. An attacker could send a specially crafted packet that could reboot the device running Crimson 3.1 (Build versions prior to 3119.001)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "NULL POINTER DEREFERENCE CWE-476",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-06T15:03:47",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2020-27279",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Crimson 3.1",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Build versions prior to 3119.001"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A NULL pointer deference vulnerability has been identified in the protocol converter. An attacker could send a specially crafted packet that could reboot the device running Crimson 3.1 (Build versions prior to 3119.001)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "NULL POINTER DEREFERENCE CWE-476"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-005-04"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2020-27279",
    "datePublished": "2021-01-06T15:03:47",
    "dateReserved": "2020-10-19T00:00:00",
    "dateUpdated": "2024-08-04T16:11:36.610Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-3090 (GCVE-0-2022-3090)

Vulnerability from cvelistv5

Published

2022-11-17 21:55

Modified

2025-04-16 16:06

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Summary

Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 versions 3126.001 and prior, and Crimson 3.2 versions 3.2.0044.0 and prior are vulnerable to path traversal. When attempting to open a file using a specific path, the user's password hash is sent to an arbitrary host. This could allow an attacker to obtain user credential hashes.

References

►

URL

Tags

https://www.cisa.gov/uscert/ics/advisories/icsa-22-321-01

Impacted products

Vendor

Product

Version

►

Red Lion Controls

Crimson 3.0

Version: All versions <

	Red Lion Controls	Crimson 3.1	Version: All versions <
	Red Lion Controls	Crimson 3.2	Version: All versions <

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:00:10.447Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-321-01"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-3090",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T15:53:32.172066Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T16:06:05.099Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Crimson 3.0",
          "vendor": "Red Lion Controls",
          "versions": [
            {
              "lessThanOrEqual": "707.000",
              "status": "affected",
              "version": "All versions",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Crimson 3.1",
          "vendor": "Red Lion Controls",
          "versions": [
            {
              "lessThanOrEqual": "3126.001",
              "status": "affected",
              "version": "All versions",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Crimson 3.2",
          "vendor": "Red Lion Controls",
          "versions": [
            {
              "lessThanOrEqual": "3.2.0044.0",
              "status": "affected",
              "version": "All versions",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Dragos reported this vulnerability to Red Lion Controls, who reported this vulnerability to CISA"
        }
      ],
      "datePublic": "2022-11-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 versions 3126.001 and prior, and Crimson 3.2 versions 3.2.0044.0 and prior are vulnerable to path traversal. When attempting to open a file using a specific path, the user\u0027s password hash is sent to an arbitrary host. This could allow an attacker to obtain user credential hashes."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-17T00:00:00.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-321-01"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2022-3090",
    "datePublished": "2022-11-17T21:55:37.791Z",
    "dateReserved": "2022-09-01T00:00:00.000Z",
    "dateUpdated": "2025-04-16T16:06:05.099Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-10996 (GCVE-0-2019-10996)

Vulnerability from cvelistv5

Published

2019-09-23 15:58

Modified

2024-08-04 22:40

Severity ?

CWE

CWE-416 - USE AFTER FREE

Summary

Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that can reference memory after it has been freed.

References

►

URL

Tags

https://www.us-cert.gov/ics/advisories/icsa-19-248-01

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Red Lion Controls Crimson (Windows configuration software)	Version: Version 3.0 and prior, Version 3.1 prior to release 3112.00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:40:15.649Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Red Lion Controls Crimson (Windows configuration software)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Version 3.0 and prior, Version 3.1 prior to release 3112.00"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that can reference memory after it has been freed."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "USE AFTER FREE CWE-416",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-09-23T15:58:11",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2019-10996",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Red Lion Controls Crimson (Windows configuration software)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Version 3.0 and prior, Version 3.1 prior to release 3112.00"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that can reference memory after it has been freed."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "USE AFTER FREE CWE-416"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01",
              "refsource": "MISC",
              "url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2019-10996",
    "datePublished": "2019-09-23T15:58:11",
    "dateReserved": "2019-04-08T00:00:00",
    "dateUpdated": "2024-08-04T22:40:15.649Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-10990 (GCVE-0-2019-10990)

Vulnerability from cvelistv5

Published

2019-09-23 15:46

Modified

2024-08-04 22:40

Severity ?

CWE

CWE-321 - USE OF HARD-CODED CRYPTOGRAPHIC KEY

Summary

Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to access configuration files.

References

►

URL

Tags

https://www.us-cert.gov/ics/advisories/icsa-19-248-01

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Red Lion Controls Crimson (Windows configuration software)	Version: Version 3.0 and prior, Version 3.1 prior to release 3112.00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:40:15.501Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Red Lion Controls Crimson (Windows configuration software)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Version 3.0 and prior, Version 3.1 prior to release 3112.00"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to access configuration files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-321",
              "description": "USE OF HARD-CODED CRYPTOGRAPHIC KEY CWE-321",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-09-23T15:46:43",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2019-10990",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Red Lion Controls Crimson (Windows configuration software)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Version 3.0 and prior, Version 3.1 prior to release 3112.00"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to access configuration files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "USE OF HARD-CODED CRYPTOGRAPHIC KEY CWE-321"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01",
              "refsource": "MISC",
              "url": "https://www.us-cert.gov/ics/advisories/icsa-19-248-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2019-10990",
    "datePublished": "2019-09-23T15:46:43",
    "dateReserved": "2019-04-08T00:00:00",
    "dateUpdated": "2024-08-04T22:40:15.501Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerabilites related to redlion - crimson

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

CVE-2019-10984 (GCVE-0-2019-10984)

Vulnerability from cvelistv5

CVE-2020-27283 (GCVE-0-2020-27283)

Vulnerability from cvelistv5

CVE-2023-5719 (GCVE-0-2023-5719)

Vulnerability from cvelistv5

CVE-2019-10978 (GCVE-0-2019-10978)

Vulnerability from cvelistv5

CVE-2020-27285 (GCVE-0-2020-27285)

Vulnerability from cvelistv5

CVE-2020-27279 (GCVE-0-2020-27279)

Vulnerability from cvelistv5

CVE-2022-3090 (GCVE-0-2022-3090)

Vulnerability from cvelistv5

CVE-2019-10996 (GCVE-0-2019-10996)

Vulnerability from cvelistv5

CVE-2019-10990 (GCVE-0-2019-10990)

Vulnerability from cvelistv5