PT-2017-3656 · Red Lion Controls · Red Lion Controls Sixnet-Managed Industrial Switches+1

Mark Cross

Published

2017-02-23

Updated

2019-10-09

CVE-2016-9335

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Red Lion Controls Sixnet-Managed Industrial Switches version 5.0.196 Red Lion Controls Stride-Managed Ethernet Switches version 5.0.190

Description: The issue is related to the use of hard-coded HTTP SSL/SSH keys in the firmware of the affected devices. This could allow a remote attacker to gain full control over the device, disrupt communication, or compromise the system.

Recommendations: For Red Lion Controls Sixnet-Managed Industrial Switches version 5.0.196, update to SLX firmware Version 5.3.174. For Red Lion Controls Stride-Managed Ethernet Switches version 5.0.190, update to SLX firmware Version 5.3.174.

Fix

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798CWE-321

Related Identifiers

BDU:2018-00833

CVE-2016-9335

Affected Products

Red Lion Controls Sixnet-Managed Industrial Switches

Red Lion Controls Stride-Managed Ethernet Switches

PT-2017-3656 · Red Lion Controls · Red Lion Controls Sixnet-Managed Industrial Switches+1

CVE-2016-9335

Weakness Enumeration

Related Identifiers

Affected Products

References · 6