Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 versions 3126.001 and prior, and Crimson 3.2 versions 3.2.0044.0 and prior are vulnerable to path traversal. When attempting to open a file using a specific path, the user's password hash is sent to an arbitrary host. This could allow an attacker to obtain user credential hashes.
References
| Link | Resource |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-22-321-01 | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
|
History
22 Nov 2022, 19:54
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Redlion
Redlion crimson |
|
| CPE | cpe:2.3:a:redlion:crimson:3.0:build_640.002:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_700.000:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_502.000:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_662.006:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.1:build_3125.007:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.1:build_3123.000:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.1:build_3100.002:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.1:build_3115.009:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.1:build_3106.000:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.1:build_3100.000:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.2:-:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.2:build_3.2.0020.0:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.2:build_3.2.0016.0:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_624.005:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_579.003:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_523.003:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_683.001:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.1:build_3111.000:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_477.003:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:-:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.1:build_3109.003:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.2:build_3.2.0030.0:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_694.000:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_707.000:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.1:build_3110.004:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.1:build_3124.000:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_582.001:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.1:build_3126.001:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.2:build_3.2.0044.0:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.1:-:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_502.003:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_697.002:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_703.001:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_697.001:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.1:build_3119.002:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.1:build_3123.001:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.1:build_3116.000:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_548.001:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.1:build_3125.006:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.1:build_3121.000:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_573.002:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.1:build_3114.002:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_582.000:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_697.003:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_615.004:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.1:build_3115.006:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_635.000:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.2:build_3.2.0036.0:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.1:build_3113.000:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.1:build_3119.001:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_619.004:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_683.000:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_640.000:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_702.004:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.2:build_3.2.0041.0:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_493.004:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_530.003:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.1:build_3100.010:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.2:build_3.2.0031.0:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.1:build_3110.000:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_530.000:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_624.000:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_603.000:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.1:build_3120.001:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_502.001:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_493.003:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.1:build_3115.008:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_657.003:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.1:build_3101.001:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_647.002:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_515.003:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_515.002:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_690.002:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.1:build_3110.002:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_619.002:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.1:build_3122.001:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.1:build_3112.000:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_573.001:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.2:build_3.2.0015.0:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.2:build_3.2.0026.0:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.2:build_3.2.0021.0:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_683.002:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_599.001:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.1:build_3108.002:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:*:*:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_582.004:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.2:build_3.2.0025.0:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_582.003:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_693.000:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.1:build_3109.004:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_678.002:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.2:build_3.2.0008.0:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_702.002:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_579.001:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_530.001:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.1:build_3125.003:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_530.002:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.1:build_3122.000:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.1:build_3104.000:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_675.000:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_493.005:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.1:build_3100.008:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.1:build_3100.009:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.1:build_3108.004:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.2:build_3.2.0035.0:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.1:build_3126.000:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_705.000:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_599.000:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.2:build_3.2.0014.0:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_662.002:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_640.001:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.1:build_3100.003:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_639.000:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_657.001:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_605.002:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_548.005:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_635.001:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.1:build_3120.000:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.2:build_3.2.0040.0:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.0:build_690.001:*:*:*:*:*:* cpe:2.3:a:redlion:crimson:3.1:build_3106.004:*:*:*:*:*:* |
|
| References | (MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-22-321-01 - Third Party Advisory, US Government Resource | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
17 Nov 2022, 22:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-11-17 22:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-3090
Mitre link : CVE-2022-3090
CVE.ORG link : CVE-2022-3090
JSON object : View
Products Affected
redlion
- crimson
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')