Critical Flaw in Red Lion Controls Allows Unauthorized Access to SixTRAK and VersaTRAK RTUs

CVECVE-2023-42770
CVSScvssV3_1: 10
SourceCVE-2023-42770

The Red Lion SixTRAK and VersaTRAK Series RTUs are vulnerable to unauthorized access due to a lack of authentication validation when receiving messages over TCP/IP.

Red Lion Controls manufactures remote terminal units (RTUs) that are used to connect industrial control systems to remote field devices. These RTUs allow communication and data transfer between control systems and devices over various protocols.

The vulnerability arises because the RTUs do not properly authenticate messages received over TCP/IP, even though authentication is required for the same messages received over UDP. An attacker can exploit this to send unauthorized commands to the RTU over TCP/IP without providing the correct authentication credentials.

This could allow the manipulation or disruption of critical infrastructure processes that rely on the RTU for remote monitoring and control. Industries like manufacturing, utilities, and oil and gas could be impacted.

To protect against exploitation, users should contact Red Lion Controls to obtain updates that resolve the authentication validation issue. Organizations should also consider additional network segmentation and access controls to restrict unauthorized access to these industrial devices until patches are applied. Verifying proper authentication of all messages can help prevent threats from manipulating operations through compromised RTUs.

References