Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-9335

A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride-Managed Ethernet Switches running firmware Version 5.0.190. Vulnerable versions of Stride-Managed Ethernet switches and Sixnet-Managed Industrial switches use hard-coded HTTP SSL/SSH keys for secure communication. Because these keys cannot be regenerated by users, all products use the same key. The attacker could disrupt communication or compromise the system. CVSS v3 base score: 10, CVSS vector string: (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Red Lion Controls recommends updating to SLX firmware Version 5.3.174.

Published

2018-05-09T13:29:00.247

Last Modified

2024-11-21T03:00:58.820

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 10.0 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-321
Type: Primary
CWE-798

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	redlion	sixnet-managed_industrial_switches_firmware	≤ 5.0.196	Yes
Hardware	redlion	sixnet-managed_industrial_switches	-	No
Operating System	redlion	stride-managed_ethernet_switches_firmware	≤ 5.0.190	Yes
Hardware	redlion	stride-managed_ethernet_switches	-	No

References

https://ics-cert.us-cert.gov/advisories/ICSA-17-054-02 Third Party Advisory, US Government Resource ([email protected])
https://ics-cert.us-cert.gov/advisories/ICSA-17-054-02 Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)