Vulnerabilities for 'Crimson'

2021-01-06
 
CVE-2020-27285

CWE-306
 

 
The default configuration of Crimson 3.1 (Build versions prior to 3119.001) allows a user to read and modify the database without authentication.

 
 
CVE-2020-27283

CWE-404
 

 
An attacker could send a specially crafted message to Crimson 3.1 (Build versions prior to 3119.001) that could leak arbitrary memory locations.

 
 
CVE-2020-27279

CWE-476
 

 
A NULL pointer dereference vulnerability has been identified in the protocol converter. An attacker could send a specially crafted packet that could reboot the device running Crimson 3.1 (Build versions prior to 3119.001).

 
2019-09-23
 
CVE-2019-10996

CWE-416
 

 
Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allows multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that can reference memory after it has been freed.

 
 
CVE-2019-10990

CWE-798
 

 
Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to access configuration files.

 
 
CVE-2019-10984

CWE-824
 

 
Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allows multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that causes the program to mishandle pointers.

 
 
CVE-2019-10978

CWE-119
 

 
Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allows multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that operates outside of the designated memory area.

 

 >>> Vendor: Redlion 4 Products
Hmi panel firmware
Sixnet-managed industrial switches firmware
Stride-managed ethernet switches firmware
Crimson


Copyright 2024, cxsecurity.com

 
