ICSA-23-306-01  ·  Published 2023-11-02

Red Lion Crimson

CVSS 8.8 HIGH

Risk Summary

Successful exploitation of this vulnerability could allow an attacker to truncate passwords configured by the Crimson configuration tool, which could create weaker-than-intended credentials.

CVEs (1)

Remediations

  • Red Lion recommends updating the Crimson configuration tool to version 3.2.0063 or later by using the automatic update feature or visiting the Red Lion website.
  • In versions 3.2.0053.18 or below, avoid the percent (%) character in the configured password of any existing or newly created account.
  • For more information refer to Red Lion's security advisory RLCSIM-2023-04.

Affected Vendors

Red Lion

Affected Products (1)

Red Lion · Crimson <=3.2.0053.18

Affected Sectors

Multiple Sectors
