7.5

CVE-2022-3090

Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 versions 3126.001 and prior, and Crimson 3.2 versions 3.2.0044.0 and prior are vulnerable to path traversal. When attempting to open a file using a specific path, the user's password hash is sent to an arbitrary host. This could allow an attacker to obtain user credential hashes.

Data is provided by the National Vulnerability Database (NVD)
Redlion Crimson Version < 3.0
Redlion Crimson Version 3.0 Update -
Redlion Crimson Version 3.0 Update build_477.003
Redlion Crimson Version 3.0 Update build_493.003
Redlion Crimson Version 3.0 Update build_493.004
Redlion Crimson Version 3.0 Update build_493.005
Redlion Crimson Version 3.0 Update build_502.000
Redlion Crimson Version 3.0 Update build_502.001
Redlion Crimson Version 3.0 Update build_502.003
Redlion Crimson Version 3.0 Update build_515.002
Redlion Crimson Version 3.0 Update build_515.003
Redlion Crimson Version 3.0 Update build_523.003
Redlion Crimson Version 3.0 Update build_530.000
Redlion Crimson Version 3.0 Update build_530.001
Redlion Crimson Version 3.0 Update build_530.002
Redlion Crimson Version 3.0 Update build_530.003
Redlion Crimson Version 3.0 Update build_548.001
Redlion Crimson Version 3.0 Update build_548.005
Redlion Crimson Version 3.0 Update build_573.001
Redlion Crimson Version 3.0 Update build_573.002
Redlion Crimson Version 3.0 Update build_579.001
Redlion Crimson Version 3.0 Update build_579.003
Redlion Crimson Version 3.0 Update build_582.000
Redlion Crimson Version 3.0 Update build_582.001
Redlion Crimson Version 3.0 Update build_582.003
Redlion Crimson Version 3.0 Update build_582.004
Redlion Crimson Version 3.0 Update build_599.000
Redlion Crimson Version 3.0 Update build_599.001
Redlion Crimson Version 3.0 Update build_603.000
Redlion Crimson Version 3.0 Update build_605.002
Redlion Crimson Version 3.0 Update build_615.004
Redlion Crimson Version 3.0 Update build_619.002
Redlion Crimson Version 3.0 Update build_619.004
Redlion Crimson Version 3.0 Update build_624.000
Redlion Crimson Version 3.0 Update build_624.005
Redlion Crimson Version 3.0 Update build_635.000
Redlion Crimson Version 3.0 Update build_635.001
Redlion Crimson Version 3.0 Update build_639.000
Redlion Crimson Version 3.0 Update build_640.000
Redlion Crimson Version 3.0 Update build_640.001
Redlion Crimson Version 3.0 Update build_640.002
Redlion Crimson Version 3.0 Update build_647.002
Redlion Crimson Version 3.0 Update build_657.001
Redlion Crimson Version 3.0 Update build_657.003
Redlion Crimson Version 3.0 Update build_662.002
Redlion Crimson Version 3.0 Update build_662.006
Redlion Crimson Version 3.0 Update build_675.000
Redlion Crimson Version 3.0 Update build_678.002
Redlion Crimson Version 3.0 Update build_683.000
Redlion Crimson Version 3.0 Update build_683.001
Redlion Crimson Version 3.0 Update build_683.002
Redlion Crimson Version 3.0 Update build_690.001
Redlion Crimson Version 3.0 Update build_690.002
Redlion Crimson Version 3.0 Update build_693.000
Redlion Crimson Version 3.0 Update build_694.000
Redlion Crimson Version 3.0 Update build_697.001
Redlion Crimson Version 3.0 Update build_697.002
Redlion Crimson Version 3.0 Update build_697.003
Redlion Crimson Version 3.0 Update build_700.000
Redlion Crimson Version 3.0 Update build_702.002
Redlion Crimson Version 3.0 Update build_702.004
Redlion Crimson Version 3.0 Update build_703.001
Redlion Crimson Version 3.0 Update build_705.000
Redlion Crimson Version 3.0 Update build_707.000
Redlion Crimson Version 3.1 Update -
Redlion Crimson Version 3.1 Update build_3100.000
Redlion Crimson Version 3.1 Update build_3100.002
Redlion Crimson Version 3.1 Update build_3100.003
Redlion Crimson Version 3.1 Update build_3100.008
Redlion Crimson Version 3.1 Update build_3100.009
Redlion Crimson Version 3.1 Update build_3100.010
Redlion Crimson Version 3.1 Update build_3101.001
Redlion Crimson Version 3.1 Update build_3104.000
Redlion Crimson Version 3.1 Update build_3106.000
Redlion Crimson Version 3.1 Update build_3106.004
Redlion Crimson Version 3.1 Update build_3108.002
Redlion Crimson Version 3.1 Update build_3108.004
Redlion Crimson Version 3.1 Update build_3109.003
Redlion Crimson Version 3.1 Update build_3109.004
Redlion Crimson Version 3.1 Update build_3110.000
Redlion Crimson Version 3.1 Update build_3110.002
Redlion Crimson Version 3.1 Update build_3110.004
Redlion Crimson Version 3.1 Update build_3111.000
Redlion Crimson Version 3.1 Update build_3112.000
Redlion Crimson Version 3.1 Update build_3113.000
Redlion Crimson Version 3.1 Update build_3114.002
Redlion Crimson Version 3.1 Update build_3115.006
Redlion Crimson Version 3.1 Update build_3115.008
Redlion Crimson Version 3.1 Update build_3115.009
Redlion Crimson Version 3.1 Update build_3116.000
Redlion Crimson Version 3.1 Update build_3119.001
Redlion Crimson Version 3.1 Update build_3119.002
Redlion Crimson Version 3.1 Update build_3120.000
Redlion Crimson Version 3.1 Update build_3120.001
Redlion Crimson Version 3.1 Update build_3121.000
Redlion Crimson Version 3.1 Update build_3122.000
Redlion Crimson Version 3.1 Update build_3122.001
Redlion Crimson Version 3.1 Update build_3123.000
Redlion Crimson Version 3.1 Update build_3123.001
Redlion Crimson Version 3.1 Update build_3124.000
Redlion Crimson Version 3.1 Update build_3125.003
Redlion Crimson Version 3.1 Update build_3125.006
Redlion Crimson Version 3.1 Update build_3125.007
Redlion Crimson Version 3.1 Update build_3126.000
Redlion Crimson Version 3.1 Update build_3126.001
Redlion Crimson Version 3.2 Update -
Redlion Crimson Version 3.2 Update build_3.2.0008.0
Redlion Crimson Version 3.2 Update build_3.2.0014.0
Redlion Crimson Version 3.2 Update build_3.2.0015.0
Redlion Crimson Version 3.2 Update build_3.2.0016.0
Redlion Crimson Version 3.2 Update build_3.2.0020.0
Redlion Crimson Version 3.2 Update build_3.2.0021.0
Redlion Crimson Version 3.2 Update build_3.2.0025.0
Redlion Crimson Version 3.2 Update build_3.2.0026.0
Redlion Crimson Version 3.2 Update build_3.2.0030.0
Redlion Crimson Version 3.2 Update build_3.2.0031.0
Redlion Crimson Version 3.2 Update build_3.2.0035.0
Redlion Crimson Version 3.2 Update build_3.2.0036.0
Redlion Crimson Version 3.2 Update build_3.2.0040.0
Redlion Crimson Version 3.2 Update build_3.2.0041.0
Redlion Crimson Version 3.2 Update build_3.2.0044.0
No CISA KEV entry or CERT.AT warning was found for this CVE.

EPSS Metrics

| Type | Source | Score | Percentile |
|------|--------|-------|------------|
| EPSS | FIRST.org | 0.13% | 0.337 |

CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector string |
|--------|------------|---------------|--------------|---------------|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| ics-cert@hq.dhs.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.