CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2016-9335

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0370%
EPSS Percentile0.28th
Published2018年5月9日
Last Modified2024年11月21日

Vulnerability Description

A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride-Managed Ethernet Switches running firmware Version 5.0.190. Vulnerable versions of Stride-Managed Ethernet switches and Sixnet-Managed Industrial switches use hard-coded HTTP SSL/SSH keys for secure communication. Because these keys cannot be regenerated by users, all products use the same key. The attacker could disrupt communication or compromise the system. CVSS v3 base score: 10, CVSS vector string: (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Red Lion Controls recommends updating to SLX firmware Version 5.3.174.

Affected Platforms (CPE)

💻
Redlion

Sixnet Managed Industrial Switches Firmware

<= 5.0.196
💻
Redlion

Stride Managed Ethernet Switches Firmware

<= 5.0.190

References & Advisories

🔗 https://ics-cert.us-cert.gov/advisories/ICSA-17-054-02
🔗 https://ics-cert.us-cert.gov/advisories/ICSA-17-054-02

相關漏洞威脅

CVE-2016-578810.0

General Electric (GE) Bently Nevada 3500/22M USB with firmware before 5.0 and Bently Nevada 3500/22M Serial have open ports, which...

CVE-2016-1004310.0

An issue was discovered in Radisys MRF Web Panel (SWMS) 9.0.1. The MSM_MACRO_NAME POST parameter in /swms/ms.cgi was discovered to...

CVE-2016-478710.0

Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers t...

CVE-2016-608210.0

IBM BigFix Platform could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free race conditi...