漏洞标题
N/A
漏洞描述信息
在Red Lion Controls的Sixnet-Managed Industrial Switches运行 firmware Version 5.0.196和Stride-Managed Ethernet Switches运行 firmware Version 5.0.190中,发现了一个硬编码的加密钥漏洞。这些Stride-Managed Ethernet switch和Sixnet-Managed Industrial switch的脆弱版本使用硬编码的HTTP SSL/SSH密钥进行安全通信。由于这些密钥不能由用户生成,所有产品都使用相同的密钥。攻击者可以干扰通信或破坏系统。CVSS v3基础评分:10,CVSS向量字符串:(AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)。Red Lion Controls建议更新到SLX firmware Version 5.3.174。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride-Managed Ethernet Switches running firmware Version 5.0.190. Vulnerable versions of Stride-Managed Ethernet switches and Sixnet-Managed Industrial switches use hard-coded HTTP SSL/SSH keys for secure communication. Because these keys cannot be regenerated by users, all products use the same key. The attacker could disrupt communication or compromise the system. CVSS v3 base score: 10, CVSS vector string: (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Red Lion Controls recommends updating to SLX firmware Version 5.3.174.
CVSS信息
N/A
漏洞类别
使用硬编码的密码学密钥
漏洞标题
Red Lion Controls Sixnet-Managed Industrial Switches和AutomationDirect Stride-Managed Ethernet Switches 安全漏洞
漏洞描述信息
Red Lion Controls Sixnet-Managed Industrial Switches和AutomationDirect Stride-Managed Ethernet Switches都是以太网交换机。Red Lion Controls Sixnet-Managed Industrial Switches是美国Red Lion Controls公司的工业以太网管理交换机。AutomationDirect Stride-Managed Ethernet Switches是美国Automa
CVSS信息
N/A
漏洞类别
信任管理问题