PT-2019-12124 · Red Lion Controls · Crimson

Anthony Fuller

Publicado

2019-09-05

Atualizado

2023-03-01

CVE-2019-10990

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Red Lion Controls Crimson versions 3.0 and prior Red Lion Controls Crimson version 3.1 prior to release 3112.00

Description The issue allows an attacker to access configuration files due to the use of a hard-coded password for encrypting protected files in transit and at rest.

Recommendations For Red Lion Controls Crimson versions 3.0 and prior, update to a version later than 3.0. For Red Lion Controls Crimson version 3.1 prior to release 3112.00, update to release 3112.00 or later.

Correção

Using Hardcoded Credentials

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-321CWE-798

Identificadores relacionados

CVE-2019-10990

ZDI-19-785

Produtos afetados

Crimson

PT-2019-12124 · Red Lion Controls · Crimson

CVE-2019-10990

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4