Red Lion Controls Crimson

CVSS 7.8 HIGH

CVEs (4)

CVE-2019-10996 CVE-2019-10978 CVE-2019-10984 CVE-2019-10990

Red Lion Controls recommends users migrate to Crimson 3.1 release 3112.00 or later where the model choice allows. Updated software can be found at the following link:
For more information, Red Lion Controls has released a security bulletin that can be found at the following link:
The use of a hardcoded key vulnerability (CVE-2019-10990) can be mitigated in two ways: The user manual for Crimson 3.1 release 3112.00 now includes a paragraph describing the intended use of the database protection mechanism, noting the software is not designed to provide a cryptographically secure method of database protection.
The use of a hardcoded key vulnerability (CVE-2019-10990) can be mitigated in two ways: In a later release, targeted for September 2019, Red Lion Controls will modify the existing database protection scheme to include an option for a second file access password designed to encrypt the file.

Red Lion, AutomationDirect

Red Lion, AutomationDirect · Crimson <= 3.0

Red Lion, AutomationDirect · Crimson < 3.1 release 3112.00

Critical Manufacturing

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.