CVE-2023-42770 : What You Need to Know
Discover the critical vulnerability CVE-2023-42770 impacting Red Lion Controls' SixTRAK and VersaTRAK Series RTUs. Learn about the authentication bypass issue and effective mitigation strategies.
In November 2023, Red Lion Controls addressed CVE-2023-42770 - an authentication bypass vulnerability affecting their SixTRAK and VersaTRAK Series RTUs. This article provides insights into the nature of the vulnerability, its impact, technical details, and mitigation strategies.
Understanding CVE-2023-42770
The vulnerability identified as CVE-2023-42770 involves an authentication bypass issue within Red Lion Controls' SixTRAK and VersaTRAK Series RTUs.
What is CVE-2023-42770?
Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled may encounter an authentication challenge over UDP/IP when processing Sixnet UDR messages, while the same messages over TCP/IP may be accepted without authentication.
The Impact of CVE-2023-42770
With a CVSSv3.1 base score of 10, this critical vulnerability poses a high availability impact, with high confidentiality and integrity implications. An attacker could exploit this flaw to bypass authentication measures, potentially leading to unauthorized access and control of affected systems.
Technical Details of CVE-2023-42770
Vulnerability Description
The vulnerability allows for authentication bypass using an alternative path or channel, as described by CWE-288.
Affected Systems and Versions
Red Lion Controls' ST-IPm-8460 version 6.0.202 is affected, along with other products running version 4.9.114.
Exploitation Mechanism
The issue arises when authenticated users engage with Sixnet UDR messages over different network protocols, leading to inconsistent authentication challenges.
Mitigation and Prevention
To mitigate the risks associated with CVE-2023-42770, users are advised to take immediate steps and adopt long-term security practices.
Immediate Steps to Take
Red Lion recommends applying the latest patches to impacted products and implementing additional mitigations such as enabling user authentication.
Long-Term Security Practices
Users can block Sixnet UDR messages over TCP/IP, install specific patches, and configure iptables rules to manage TCP/IP traffic effectively.
Patching and Updates
Detailed instructions for installing patches, configuring rules, and enhancing system security are provided by Red Lion Controls in their security bulletin.