Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

Two CVSS 10.0 Bugs in Red Lion RTUs Could Hand Hackers Full Industrial Control

The Hacker News by The Hacker News
October 15, 2025
Home Cybersecurity
Share on FacebookShare on Twitter


Oct 15, 2025Ravie LakshmananVulnerability / Critical Infrastructure

Cybersecurity researchers have disclosed two critical security flaws impacting Red Lion Sixnet remote terminal unit (RTU) products that, if successfully exploited, could result in code execution with the highest privileges.

The shortcomings, tracked as CVE-2023-40151 and CVE-2023-42770, are both rated 10.0 on the CVSS scoring system.

“The vulnerabilities affect Red Lion SixTRAK and VersaTRAK RTUs, and allow an unauthenticated attacker to execute commands with root privileges,” Claroty Team 82 researchers said in a report published Tuesday.

Red Lion’s Sixnet RTUs provide advanced automation, control, and data acquisition capabilities in industrial automation and control systems, primarily across energy, water, and wastewater treatment, transportation, utilities, and manufacturing sectors.

These industrial devices are configured using a Windows utility called Sixnet IO Tool Kit, with a proprietary Sixnet “Universal” protocol used to interface and enable communication between the kit and the RTUs.

DFIR Retainer Services

There also exists a user-permission system atop this mechanism to support file management, set/get station information, obtain Linux kernel and boot version, among others, over the UDP protocol.

The two vulnerabilities identified by Claroty are listed below –

  • CVE-2023-42770 – An authentication bypass that arises as a result of the Sixnet RTU software listening to the same port (number 1594) in UDP and TCP that only prompts for an authentication challenge over UDP, while accepting the incoming message over TCP without prompting for any authentication
  • CVE-2023-40151 – A remote code execution vulnerability that leverages Sixnet Universal Driver’s (UDR) built-in support for Linux shell command execution to run arbitrary code with root privileges

As a result, an attacker could chain both flaws to sidestep authentication protections to run commands and achieve remote code execution.

“Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A), any Sixnet UDR message received over TCP/IP, the RTU will accept the message with no authentication challenge,” Red Lion said in an advisory released back in June 2025. “When user authentication is not enabled, the shell can execute commands with the highest privileges.”

Users are advised to apply the patches for the two vulnerabilities as soon as possible. It’s also recommended to enable user authentication in the Red Lion RTU and block access over TCP to the affected RTUs.

CIS Build Kits

According to an alert issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) in November 2023, the flaws impact the following products –

  • ST-IPm-8460: Firmware 6.0.202 and later
  • ST-IPm-6350: Firmware version 4.9.114 and later
  • VT-mIPm-135-D: Firmware version 4.9.114 and later
  • VT-mIPm-245-D: Firmware version 4.9.114 and later
  • VT-IPm2m-213-D: Firmware version 4.9.114 and later
  • VT-IPm2m-113-D: Firmware version 4.9.114 and later

“Red Lion’s RTUs are prominent in many industrial automation settings, and an attacker with access to the devices and the ability to run commands at root presents significant possibilities for process disruption or damage,” Claroty noted.



Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
The Hacker News

The Hacker News

Next Post
Why the future of work is agentic | Computer Weekly

Why the future of work is agentic | Computer Weekly

Recommended.

LFG !!! Lancement d’un pilote Alpha IA destiné aux chasseurs de mèmes coins

LFG !!! Lancement d’un pilote Alpha IA destiné aux chasseurs de mèmes coins

July 25, 2025
Databricks Hires Google Cloud, AWS Marketplace Guru

Databricks Hires Google Cloud, AWS Marketplace Guru

May 15, 2025

Trending.

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

May 4, 2026
AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

May 1, 2026
AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

April 30, 2026
Google’s 0 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

Google’s $750 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

April 24, 2026
This Scammer Used an AI-Generated MAGA Girl to Grift ‘Super Dumb’ Men

This Scammer Used an AI-Generated MAGA Girl to Grift ‘Super Dumb’ Men

April 21, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio