Red Lion Crimson 3.1
Plan Patch · 7.5 · ICS-CERT ICSA-21-005-04 · Jan 5, 2021
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Red Lion Crimson 3.1 (build < 3119.001) contains multiple vulnerabilities (null pointer dereference, missing authentication, missing input validation) that allow an unauthenticated attacker with network access to cause a denial-of-service condition, read the configuration database, and leak memory data. The application may be used for monitoring and control of critical industrial processes.
What this means
What could happen
An attacker could crash the Crimson 3.1 application (denial of service), read sensitive data from the database, or modify process configurations, potentially disrupting monitoring and control of industrial equipment.
Who's at risk
Operators and administrators of any facility running Red Lion Crimson 3.1 for monitoring and control of industrial processes. This includes water treatment plants, electrical substations, and chemical process facilities that use Crimson for SCADA/HMI functions.
How it could be exploited
An attacker with network access to the Crimson 3.1 application could send crafted requests that trigger null pointer dereferences (CWE-476) or bypass missing authentication checks (CWE-306) to cause the application to crash, leak memory contents, or read/write the configuration database.
Prerequisites
- Network access to the Crimson 3.1 application port
- No authentication required
remotely exploitable · no authentication required · low complexity · high impact on availability
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product | Affected Versions | Fix Status
Crimson 3.1: Build | < 3119.001 | 3119.001
Remediation & Mitigation
Do now
- WORKAROUND: Restrict network access to Crimson 3.1 with a firewall; ensure the application is not directly accessible from the Internet or business network
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update Red Lion Crimson 3.1 to build 3119.001 or later
Long-term hardening
- HARDENING: If remote access to Crimson 3.1 is required, use a VPN with current patches
- HARDENING: Isolate the Crimson 3.1 system and its network segment from the business network