Red Lion Sixnet remote terminal units (RTUs), specifically the SixTRAK and VersaTRAK series, are affected by two critical security vulnerabilities rated 10.0 on the CVSS scale. The first vulnerability (CVE-2023-42770) is an authentication bypass stemming from the RTU software listening on the same port (1594) for both UDP and TCP traffic but only enforcing authentication on UDP. TCP messages are accepted without authentication, allowing an attacker to send commands unauthenticated. The second vulnerability (CVE-2023-40151) is a remote code execution flaw that exploits the Sixnet Universal Driver's built-in Linux shell command execution feature to run arbitrary commands with root privileges. By chaining these vulnerabilities, an attacker can bypass authentication and execute commands remotely with the highest privileges. These RTUs are integral to industrial automation and control systems across energy, water, wastewater treatment, transportation, utilities, and manufacturing sectors. The devices communicate using a proprietary Sixnet Universal protocol over UDP and TCP, and are configured via a Windows utility called Sixnet IO Tool Kit. The vulnerabilities allow attackers to disrupt industrial processes, manipulate data, or cause physical damage by taking control of critical infrastructure components. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued alerts and Red Lion has released advisories recommending immediate patching, enabling user authentication, and restricting TCP access to affected devices. No known exploits are currently reported in the wild, but the critical nature and ease of exploitation make these vulnerabilities highly dangerous.

For European organizations, the impact of these vulnerabilities is severe. Red Lion RTUs are widely deployed in critical infrastructure sectors such as energy production and distribution, water and wastewater management, transportation systems, and manufacturing plants. Exploitation could lead to unauthorized control over industrial processes, causing operational disruptions, safety hazards, environmental damage, and financial losses. Confidentiality is compromised as attackers gain root-level access, integrity is at risk due to potential manipulation of control commands and data, and availability can be affected by disrupting or shutting down industrial operations. Given the critical nature of these sectors in Europe, successful attacks could have cascading effects on public safety, economic stability, and national security. The ease of exploitation without authentication and no user interaction required increases the likelihood of attacks, especially if network segmentation and access controls are insufficient. The threat also raises concerns about supply chain security and the resilience of industrial control systems against cyberattacks.

1. Immediately apply all available patches and firmware updates provided by Red Lion for the affected SixTRAK and VersaTRAK RTUs. 2. Enable user authentication on all Red Lion RTUs to ensure that commands require valid credentials before execution. 3. Block or restrict TCP access to port 1594 on RTUs at network perimeter and internal firewalls to prevent unauthenticated TCP connections. 4. Implement strict network segmentation to isolate RTUs from general IT networks and limit access to trusted management stations only. 5. Monitor network traffic for unusual activity on port 1594 and for any unauthorized command execution attempts. 6. Conduct regular security audits and vulnerability assessments of industrial control systems to detect and remediate weaknesses. 7. Employ intrusion detection/prevention systems (IDS/IPS) tuned for industrial protocols and known attack signatures related to Red Lion RTUs. 8. Develop and test incident response plans specific to industrial control system compromises to minimize impact if exploitation occurs. 9. Coordinate with vendors and cybersecurity authorities for timely threat intelligence and guidance. 10. Train operational technology (OT) personnel on secure configuration and monitoring of RTUs and related infrastructure.