PT-2017-3656 · Red Lion Controls · Red Lion Controls Sixnet-Managed Industrial Switches+1

Mark Cross

Publicado

2017-02-23

Atualizado

2019-10-09

CVE-2016-9335

CVSS v3.1

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Red Lion Controls Sixnet-Managed Industrial Switches version 5.0.196 Red Lion Controls Stride-Managed Ethernet Switches version 5.0.190

Description: The issue is related to the use of hard-coded HTTP SSL/SSH keys in the firmware of the affected devices. This could allow a remote attacker to gain full control over the device, disrupt communication, or compromise the system.

Recommendations: For Red Lion Controls Sixnet-Managed Industrial Switches version 5.0.196, update to SLX firmware Version 5.3.174. For Red Lion Controls Stride-Managed Ethernet Switches version 5.0.190, update to SLX firmware Version 5.3.174.

Correção

Using Hardcoded Credentials

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-798CWE-321

Identificadores relacionados

BDU:2018-00833

CVE-2016-9335

Produtos afetados

Red Lion Controls Sixnet-Managed Industrial Switches

Red Lion Controls Stride-Managed Ethernet Switches

PT-2017-3656 · Red Lion Controls · Red Lion Controls Sixnet-Managed Industrial Switches+1

CVE-2016-9335

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6