Cybersecurity researchers have disclosed two critical security flaws impacting Red Lion Sixnet remote terminal unit (RTU) products that, if successfully exploited, could result in code execution with the highest privileges.
The shortcomings, tracked as CVE-2023-40151 and CVE-2023-42770, are both rated 10.0 on the CVSS scoring system.
“The vulnerabilities affect Red Lion SixTRAK and VersaTRAK RTUs, and allow an unauthenticated attacker to execute commands with root privileges,” Claroty Team 82 researchers said in a report published Tuesday.
Red Lion’s Sixnet RTUs provide advanced automation, control, and data acquisition capabilities in industrial automation and control systems, primarily across energy, water, and wastewater treatment, transportation, utilities, and manufacturing sectors.
These industrial devices are configured using a Windows utility called Sixnet IO Tool Kit, with a proprietary Sixnet “Universal” protocol used to interface and enable communication between the kit and the RTUs.
There also exists a user-permission system atop this mechanism to support file management, set/get station information, obtain Linux kernel and boot version, among others, over the UDP protocol.
The two vulnerabilities identified by Claroty are listed below –
- CVE-2023-42770 – An authentication bypass that arises as a result of the Sixnet RTU software listening to the same port (number 1594) in UDP and TCP that only prompts for an authentication challenge over UDP, while accepting the incoming message over TCP without prompting for any authentication
- CVE-2023-40151 – A remote code execution vulnerability that leverages Sixnet Universal Driver’s (UDR) built-in support for Linux shell command execution to run arbitrary code with root privileges
As a result, an attacker could chain both flaws to sidestep authentication protections to run commands and achieve remote code execution.
“Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A), any Sixnet UDR message received over TCP/IP, the RTU will accept the message with no authentication challenge,” Red Lion said in an advisory released back in June 2025. “When user authentication is not enabled, the shell can execute commands with the highest privileges.”
Users are advised to apply the patches for the two vulnerabilities as soon as possible. It’s also recommended to enable user authentication in the Red Lion RTU and block access over TCP to the affected RTUs.
According to an alert issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) in November 2023, the flaws impact the following products –
- ST-IPm-8460: Firmware 6.0.202 and later
- ST-IPm-6350: Firmware version 4.9.114 and later
- VT-mIPm-135-D: Firmware version 4.9.114 and later
- VT-mIPm-245-D: Firmware version 4.9.114 and later
- VT-IPm2m-213-D: Firmware version 4.9.114 and later
- VT-IPm2m-113-D: Firmware version 4.9.114 and…
Source link
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
Website Upgradation is going on for any glitch kindly connect at [email protected]
