Crimson

crimson

Vendor: Redlion • 9 CVEs

CVEs (9)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-5719 1Redlion 1Crimson Nov 21, 2024 Nov 6, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains th...Show more The Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent (%) character, invalid values will be included, potentially truncating the string if a NUL is encountered. If the simplified password is not detected by the administrator, the device might be left in a vulnerable state as a result of more-easily compromised credentials. Note that passwords entered via the Crimson system web server do not suffer from this vulnerability. Show less
CVE-2022-3090 1Redlion 1Crimson Nov 21, 2024 Nov 17, 2022 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 versions 3126.001 and prior, and Crimson 3.2 versions 3.2.0044.0 and prior are vulnerable to path traversal. When attempting to open a file using a sp...Show more Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 versions 3126.001 and prior, and Crimson 3.2 versions 3.2.0044.0 and prior are vulnerable to path traversal. When attempting to open a file using a specific path, the user's password hash is sent to an arbitrary host. This could allow an attacker to obtain user credential hashes.Show less
CVE-2020-27283 1Redlion 1Crimson Jun 2, 2026 Jan 6, 2021 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 An attacker could send a specially crafted message to Crimson 3.1 (Build versions prior to 3119.001) that could leak arbitrary memory locations.
CVE-2020-27279 1Redlion 1Crimson Jun 2, 2026 Jan 6, 2021 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 A NULL pointer deference vulnerability has been identified in the protocol converter. An attacker could send a specially crafted packet that could reboot the device running Crimson 3.1 (Build versions prior to 3119.001).
CVE-2020-27285 1Redlion 1Crimson Jun 2, 2026 Jan 6, 2021 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 The default configuration of Crimson 3.1 (Build versions prior to 3119.001) allows a user to be able to read and modify the database without authentication.
CVE-2019-10996 1Redlion 1Crimson Jun 2, 2026 Sep 23, 2019 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that can referen...Show more Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that can reference memory after it has been freed.Show less
CVE-2019-10990 1Redlion 1Crimson Jun 2, 2026 Sep 23, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to access configuration...Show more Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to access configuration files.Show less
CVE-2019-10984 1Redlion 1Crimson Jun 2, 2026 Sep 23, 2019 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that causes the...Show more Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that causes the program to mishandle pointers.Show less
CVE-2019-10978 1Redlion 1Crimson Jun 2, 2026 Sep 23, 2019 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that operates ou...Show more Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that operates outside of the designated memory area.Show less