A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride-Managed Ethernet Switches running firmware Version 5.0.190. Vulnerable versions of Stride-Managed Ethernet switches and Sixnet-Managed Industrial switches use hard-coded HTTP SSL/SSH keys for secure communication. Because these keys cannot be regenerated by users, all products use the same key. The attacker could disrupt communication or compromise the system. CVSS v3 base score: 10, CVSS vector string: (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Red Lion Controls recommends updating to SLX firmware Version 5.3.174.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HRedlion Sixnet Managed Industrial Switches
HWRedlionwszystkie wersjeRedlion Sixnet Managed Industrial Switches Firmware
OSRedlion≤ 5.0.196Redlion Stride Managed Ethernet Switches
HWRedlionwszystkie wersjeRedlion Stride Managed Ethernet Switches Firmware
OSRedlion≤ 5.0.190
Related vulnerabilities
The weak password on the web user interface can be exploited via HTTP or HTTPS. Once such access has been obta...
The default configuration of Crimson 3.1 (Build versions prior to 3119.001) allows a user to be able to read a...
The affected product is vulnerable to reflected cross-site scripting, which may allow an attacker to remotely ...
The affected product is vulnerable to stored cross-site scripting, which may allow an attacker to remotely exe...
The affected product is vulnerable due to an undocumented interface found on the device, which may allow an at...