Search

Find a vulnerability

Search criteria

    3 vulnerabilities found for Sixnet-Managed Industrial Switches by Red Lion Controls

    VAR-201805-0207

    Vulnerability from variot - Updated: 2024-11-23 23:09

    A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride-Managed Ethernet Switches running firmware Version 5.0.190. Vulnerable versions of Stride-Managed Ethernet switches and Sixnet-Managed Industrial switches use hard-coded HTTP SSL/SSH keys for secure communication. Because these keys cannot be regenerated by users, all products use the same key. The attacker could disrupt communication or compromise the system. CVSS v3 base score: 10, CVSS vector string: (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Red Lion Controls recommends updating to SLX firmware Version 5.3.174

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201805-0207",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "stride-managed ethernet switches",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "redlion",
            "version": "5.0.190"
          },
          {
            "model": "sixnet-managed industrial switches",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "redlion",
            "version": "5.0.196"
          },
          {
            "model": "sixnet-managed industrial switches",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red lion controls",
            "version": "5.0.196"
          },
          {
            "model": "stride-managed ethernet switches",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red lion controls",
            "version": "5.0.190"
          },
          {
            "model": "lion controls sixnet-managed industrial switches",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "red",
            "version": "\u003c=5.0.196"
          },
          {
            "model": "lion controls stride-managed ethernet switches",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "red",
            "version": "\u003c=5.0.190"
          },
          {
            "model": "sixnet-managed industrial switches",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "redlion",
            "version": "5.0.196"
          },
          {
            "model": "stride-managed ethernet switches",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "redlion",
            "version": "5.0.190"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "sixnet managed industrial switches",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "stride managed ethernet switches",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d7ae200-463f-11e9-ba56-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "b4b525b8-c3bc-49ae-ba77-47d9bb95900f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-02585"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009039"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-556"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-9335"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:redlion:sixnet-managed_industrial_switches_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:redlion:stride-managed_ethernet_switches_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009039"
          }
        ]
      },
      "cve": "CVE-2016-9335",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2016-9335",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-02585",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "7d7ae200-463f-11e9-ba56-000c29342cb1",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "b4b525b8-c3bc-49ae-ba77-47d9bb95900f",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-98155",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 10.0,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2016-9335",
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-9335",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-9335",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-02585",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201704-556",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "7d7ae200-463f-11e9-ba56-000c29342cb1",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "b4b525b8-c3bc-49ae-ba77-47d9bb95900f",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-98155",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2016-9335",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d7ae200-463f-11e9-ba56-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "b4b525b8-c3bc-49ae-ba77-47d9bb95900f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-02585"
          },
          {
            "db": "VULHUB",
            "id": "VHN-98155"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-9335"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009039"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-556"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-9335"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride-Managed Ethernet Switches running firmware Version 5.0.190. Vulnerable versions of Stride-Managed Ethernet switches and Sixnet-Managed Industrial switches use hard-coded HTTP SSL/SSH keys for secure communication. Because these keys cannot be regenerated by users, all products use the same key. The attacker could disrupt communication or compromise the system. CVSS v3 base score: 10, CVSS vector string: (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Red Lion Controls recommends updating to SLX firmware Version 5.3.174",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-9335"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009039"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-02585"
          },
          {
            "db": "IVD",
            "id": "7d7ae200-463f-11e9-ba56-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "b4b525b8-c3bc-49ae-ba77-47d9bb95900f"
          },
          {
            "db": "VULHUB",
            "id": "VHN-98155"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-9335"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-9335",
            "trust": 3.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-054-02",
            "trust": 3.2
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-556",
            "trust": 1.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-02585",
            "trust": 1.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009039",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "7D7AE200-463F-11E9-BA56-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "B4B525B8-C3BC-49AE-BA77-47D9BB95900F",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-98155",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-9335",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d7ae200-463f-11e9-ba56-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "b4b525b8-c3bc-49ae-ba77-47d9bb95900f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-02585"
          },
          {
            "db": "VULHUB",
            "id": "VHN-98155"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-9335"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009039"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-556"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-9335"
          }
        ]
      },
      "id": "VAR-201805-0207",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "7d7ae200-463f-11e9-ba56-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "b4b525b8-c3bc-49ae-ba77-47d9bb95900f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-02585"
          },
          {
            "db": "VULHUB",
            "id": "VHN-98155"
          }
        ],
        "trust": 2.1
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d7ae200-463f-11e9-ba56-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "b4b525b8-c3bc-49ae-ba77-47d9bb95900f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-02585"
          }
        ]
      },
      "last_update_date": "2024-11-23T23:09:05.612000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.redlion.net/"
          },
          {
            "title": "Patch for Red Lion Controls Sixnet-Managed Industrial Switches and Stride-Managed Ethernet Switches Hardcoded Encryption Key Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/90358"
          },
          {
            "title": "Red Lion Controls Sixnet-Managed Industrial Switches  and AutomationDirect Stride-Managed Ethernet Switches Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74787"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02585"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009039"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-556"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-798",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-321",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-98155"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009039"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-9335"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-054-02"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9335"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9335"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/798.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02585"
          },
          {
            "db": "VULHUB",
            "id": "VHN-98155"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-9335"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009039"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-556"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-9335"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "7d7ae200-463f-11e9-ba56-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "b4b525b8-c3bc-49ae-ba77-47d9bb95900f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-02585"
          },
          {
            "db": "VULHUB",
            "id": "VHN-98155"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-9335"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009039"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-556"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-9335"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-03-10T00:00:00",
            "db": "IVD",
            "id": "7d7ae200-463f-11e9-ba56-000c29342cb1"
          },
          {
            "date": "2017-03-10T00:00:00",
            "db": "IVD",
            "id": "b4b525b8-c3bc-49ae-ba77-47d9bb95900f"
          },
          {
            "date": "2017-03-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-02585"
          },
          {
            "date": "2018-05-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-98155"
          },
          {
            "date": "2018-05-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2016-9335"
          },
          {
            "date": "2018-07-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-009039"
          },
          {
            "date": "2017-03-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-556"
          },
          {
            "date": "2018-05-09T13:29:00.247000",
            "db": "NVD",
            "id": "CVE-2016-9335"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-03-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-02585"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-98155"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2016-9335"
          },
          {
            "date": "2018-07-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-009039"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-556"
          },
          {
            "date": "2024-11-21T03:00:58.820000",
            "db": "NVD",
            "id": "CVE-2016-9335"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-556"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Red Lion Controls Sixnet-Managed Industrial Switches and  Stride-Managed Ethernet Switches Vulnerabilities related to the use of hard-coded credentials in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009039"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-556"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2016-9335 (GCVE-0-2016-9335)

    Vulnerability from nvd – Published: 2018-05-09 13:00 – Updated: 2024-09-16 19:04
    VLAI
    Summary
    A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride-Managed Ethernet Switches running firmware Version 5.0.190. Vulnerable versions of Stride-Managed Ethernet switches and Sixnet-Managed Industrial switches use hard-coded HTTP SSL/SSH keys for secure communication. Because these keys cannot be regenerated by users, all products use the same key. The attacker could disrupt communication or compromise the system. CVSS v3 base score: 10, CVSS vector string: (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Red Lion Controls recommends updating to SLX firmware Version 5.3.174.
    Severity
    No CVSS data available.
    CWE
    • CWE-321 - Use of hard-coded cryptographic key CWE-321
    Assigner
    References
    Impacted products
    Date Public
    2017-02-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:50:38.209Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-054-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Sixnet-Managed Industrial Switches",
              "vendor": "Red Lion Controls",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware Version 5.0.196 and prior"
                }
              ]
            },
            {
              "product": "STRIDE-Managed Ethernet Switch models",
              "vendor": "AutomationDirect",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware Version 5.0.190 and prior."
                }
              ]
            }
          ],
          "datePublic": "2017-02-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride-Managed Ethernet Switches running firmware Version 5.0.190. Vulnerable versions of Stride-Managed Ethernet switches and Sixnet-Managed Industrial switches use hard-coded HTTP SSL/SSH keys for secure communication. Because these keys cannot be regenerated by users, all products use the same key. The attacker could disrupt communication or compromise the system. CVSS v3 base score: 10, CVSS vector string: (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Red Lion Controls recommends updating to SLX firmware Version 5.3.174."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-321",
                  "description": "Use of hard-coded cryptographic key CWE-321",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-09T12:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-054-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2017-02-23T00:00:00",
              "ID": "CVE-2016-9335",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Sixnet-Managed Industrial Switches",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "firmware Version 5.0.196 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Red Lion Controls"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "STRIDE-Managed Ethernet Switch models",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "firmware Version 5.0.190 and prior."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "AutomationDirect"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride-Managed Ethernet Switches running firmware Version 5.0.190. Vulnerable versions of Stride-Managed Ethernet switches and Sixnet-Managed Industrial switches use hard-coded HTTP SSL/SSH keys for secure communication. Because these keys cannot be regenerated by users, all products use the same key. The attacker could disrupt communication or compromise the system. CVSS v3 base score: 10, CVSS vector string: (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Red Lion Controls recommends updating to SLX firmware Version 5.3.174."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Use of hard-coded cryptographic key CWE-321"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-054-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-054-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2016-9335",
        "datePublished": "2018-05-09T13:00:00.000Z",
        "dateReserved": "2016-11-16T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:04:11.086Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-9335 (GCVE-0-2016-9335)

    Vulnerability from cvelistv5 – Published: 2018-05-09 13:00 – Updated: 2024-09-16 19:04
    VLAI
    Summary
    A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride-Managed Ethernet Switches running firmware Version 5.0.190. Vulnerable versions of Stride-Managed Ethernet switches and Sixnet-Managed Industrial switches use hard-coded HTTP SSL/SSH keys for secure communication. Because these keys cannot be regenerated by users, all products use the same key. The attacker could disrupt communication or compromise the system. CVSS v3 base score: 10, CVSS vector string: (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Red Lion Controls recommends updating to SLX firmware Version 5.3.174.
    Severity
    No CVSS data available.
    CWE
    • CWE-321 - Use of hard-coded cryptographic key CWE-321
    Assigner
    References
    Impacted products
    Date Public
    2017-02-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:50:38.209Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-054-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Sixnet-Managed Industrial Switches",
              "vendor": "Red Lion Controls",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware Version 5.0.196 and prior"
                }
              ]
            },
            {
              "product": "STRIDE-Managed Ethernet Switch models",
              "vendor": "AutomationDirect",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware Version 5.0.190 and prior."
                }
              ]
            }
          ],
          "datePublic": "2017-02-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride-Managed Ethernet Switches running firmware Version 5.0.190. Vulnerable versions of Stride-Managed Ethernet switches and Sixnet-Managed Industrial switches use hard-coded HTTP SSL/SSH keys for secure communication. Because these keys cannot be regenerated by users, all products use the same key. The attacker could disrupt communication or compromise the system. CVSS v3 base score: 10, CVSS vector string: (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Red Lion Controls recommends updating to SLX firmware Version 5.3.174."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-321",
                  "description": "Use of hard-coded cryptographic key CWE-321",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-09T12:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-054-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2017-02-23T00:00:00",
              "ID": "CVE-2016-9335",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Sixnet-Managed Industrial Switches",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "firmware Version 5.0.196 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Red Lion Controls"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "STRIDE-Managed Ethernet Switch models",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "firmware Version 5.0.190 and prior."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "AutomationDirect"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride-Managed Ethernet Switches running firmware Version 5.0.190. Vulnerable versions of Stride-Managed Ethernet switches and Sixnet-Managed Industrial switches use hard-coded HTTP SSL/SSH keys for secure communication. Because these keys cannot be regenerated by users, all products use the same key. The attacker could disrupt communication or compromise the system. CVSS v3 base score: 10, CVSS vector string: (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Red Lion Controls recommends updating to SLX firmware Version 5.3.174."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Use of hard-coded cryptographic key CWE-321"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-054-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-054-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2016-9335",
        "datePublished": "2018-05-09T13:00:00.000Z",
        "dateReserved": "2016-11-16T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:04:11.086Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }