← Back

CVE-2016-9335

nvd nist
Published: May 9, 2018Modified: Nov 21, 2024

JSON object

Loading...
10.0
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 6.0
Source: NVD

Description

A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride-Managed Ethernet Switches running firmware Version 5.0.190. Vulnerable versions of Stride-Managed Ethernet switches and Sixnet-Managed Industrial switches use hard-coded HTTP SSL/SSH keys for secure communication. Because these keys cannot be regenerated by users, all products use the same key. The attacker could disrupt communication or compromise the system. CVSS v3 base score: 10, CVSS vector string: (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Red Lion Controls recommends updating to SLX firmware Version 5.3.174.

Affected (2)

Redlion
2 products
Sixnet Managed Industrial Switches Firmware
Stride Managed Ethernet Switches Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sixnet Managed Industrial Switches Firmware
Up to 5.0.196
Running on/withPlatform Versions
Redlion
Sixnet Managed Industrial Switches
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Stride Managed Ethernet Switches Firmware
Up to 5.0.190
Running on/withPlatform Versions
Redlion
Stride Managed Ethernet Switches
All versions

Related CWEs

CWE-321
Use of Hard-coded Cryptographic Key
The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.
CWE-798
Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.

References (2)

Source: ics-cert@hq.dhs.gov
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource

Timeline

No history available yet.