Risk Summary
Successful exploitation of these vulnerabilities could result in data compromise, data modification, and a denial-of-service condition.
CVEs (3)
Remediations
- Red Lion notes that the DA50N series product is at end-of-life and that it does not intend to release a software update to address these vulnerabilities. Users are encouraged to apply workarounds and mitigations or upgrade their device to DA50A and DA70A.
- Do not install image files that are obtained from sources other than the official Red Lion website.
- When downloading images from Red Lion's website, ensure the validity of the server's TLS certificate.
- If package files or images are to be stored before deployment, ensure they are stored in a secure manner.
- Minimize the risk of unauthorized installation via SD card by limiting physical access to the device.
- Ensure the default UI password is changed to one meeting standard security practices.
- Change the admin, rlcuser and techsup account passwords from their default values.
- Disable the SSH service and keep the telnet service disabled if they are not required.
- Do not re-use the same password for securing multiple resources.
- Limit access to configuration files that contain valuable credentials.
- Ensure the use of secure credentials when configuring optional services.
- Enable only the minimum set of optional services required for the application.
- For additional information, refer to Red Lion's security alert.
Affected Vendors
Red Lion, AutomationDirect
Affected Products (1)
Red Lion, AutomationDirect · DA50N · vers:all/*
Affected Sectors
Multiple Sectors