CRITICAL🇵🇱 Wersja polska

CVE-2016-9335

CVSS 10.0v3.0pub. 2018-05-09upd. 2024-11-21

A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride-Managed Ethernet Switches running firmware Version 5.0.190. Vulnerable versions of Stride-Managed Ethernet switches and Sixnet-Managed Industrial switches use hard-coded HTTP SSL/SSH keys for secure communication. Because these keys cannot be regenerated by users, all products use the same key. The attacker could disrupt communication or compromise the system. CVSS v3 base score: 10, CVSS vector string: (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Red Lion Controls recommends updating to SLX firmware Version 5.3.174.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Redlion Sixnet Managed Industrial Switches

    HW
    Redlion
    wszystkie wersje
  • Redlion Sixnet Managed Industrial Switches Firmware

    OS
    Redlion
    ≤ 5.0.196
  • Redlion Stride Managed Ethernet Switches

    HW
    Redlion
    wszystkie wersje
  • Redlion Stride Managed Ethernet Switches Firmware

    OS
    Redlion
    ≤ 5.0.190
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2022-1039CRITICAL9.6ten sam vendor

The weak password on the web user interface can be exploited via HTTP or HTTPS. Once such access has been obta...

CVE-2020-27285CRITICAL9.1ten sam vendor

The default configuration of Crimson 3.1 (Build versions prior to 3119.001) allows a user to be able to read a...

CVE-2020-16210CRITICAL9.0ten sam vendor

The affected product is vulnerable to reflected cross-site scripting, which may allow an attacker to remotely ...

CVE-2020-16206CRITICAL9.0ten sam vendor

The affected product is vulnerable to stored cross-site scripting, which may allow an attacker to remotely exe...

CVE-2020-16204CRITICAL9.8ten sam vendor

The affected product is vulnerable due to an undocumented interface found on the device, which may allow an at...