Red Lion N-Tron 702-W, 702M12-W

Act Now9.8ICS-CERT ICSA-20-240-01Aug 27, 2020

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Red Lion N-Tron 702-W and 702M12-W managed network switches contain multiple vulnerabilities (CWE-79 cross-site scripting, CWE-352 CSRF, CWE-912 hidden functionality, CWE-1104 use of unmaintained third-party component) that allow unauthenticated remote attackers to execute arbitrary system commands, access sensitive data, and perform actions in the context of authenticated users. The vulnerabilities affect all firmware versions of both products. Red Lion discontinued the 702-W Series in 2018 and does not provide firmware patches. Successful exploitation could lead to unauthorized command execution, information disclosure, and system compromise.

What this means

What could happen

An attacker on the network could execute arbitrary commands on these switches with no authentication, potentially disrupting network connectivity to PLCs, sensors, and control systems throughout your plant. They could also steal sensitive configuration data or credentials stored on the device.

Who's at risk

Water utilities, municipal electric systems, and other critical infrastructure that use Red Lion N-Tron managed switches (702-W and 702M12-W) in their SCADA/control networks. These devices typically provide network connectivity to PLCs, RTUs, and I/O modules in water treatment plants, pump stations, and substations.

How it could be exploited

An attacker reaches the web interface of the N-Tron switch over the network (port 80/443 by default) and injects malicious code or commands without needing to log in. The vulnerability allows cross-site request forgery (CSRF) and command injection, enabling the attacker to execute system commands directly on the device.

Prerequisites

Network reachability to the N-Tron switch on HTTP/HTTPS ports (80/443)
No authentication required
The device must be running any firmware version (all versions affected)

Remotely exploitableNo authentication requiredLow complexity attackNo patch available (end-of-life product)High CVSS score (9.8)Affects industrial network infrastructure

Exploitability

Moderate exploit probability (EPSS 3.3%)

Affected products (2)

2 EOL

ProductAffected VersionsFix Status

N-Tron 702M12-W: All versionsAll versionsNo fix (EOL)

N-Tron 702-W: All versionsAll versionsNo fix (EOL)

Remediation & Mitigation

0/5

Do now

0/3

HARDENINGImmediately segment the N-Tron switch network behind a firewall. Allow only trusted engineering workstations and control systems to communicate with it; block all internet-facing access.

HARDENINGRemove the N-Tron switch from internet-connected networks and any VPN tunnels unless absolutely necessary for remote engineering work.

HARDENINGAudit network diagrams and access logs to confirm the device is not reachable from the business network or internet. Review firewall rules protecting it.

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HARDENINGIf the device must remain in production, deploy network access controls (port security, 802.1X) to restrict which devices can connect to it.

Mitigations - no patch available

0/1

The following products have reached End of Life with no planned fix: N-Tron 702M12-W: All versions, N-Tron 702-W: All versions. Apply the following compensating controls:

HARDENINGPlan replacement of N-Tron 702-W and 702M12-W switches with modern, actively supported network equipment that receives security patches.

CVEs (5)

CVE-2020-16210 CVE-2020-16206 CVE-2020-16208 CVE-2020-16204 CVE-2017-16544

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/f3726393-e883-401b-b5db-2e9547b81b9e