Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 versions 3126.001 and prior, and Crimson 3.2 versions 3.2.0044.0 and prior are vulnerable to path traversal. When attempting to open a file using a specific path, the user's password hash is sent to an arbitrary host. This could allow an attacker to obtain user credential hashes.
Attack Vector Network
Attack Complexity Low
Privileges Required None
Scope Unchanged
Confidentiality Impact Low
Integrity Impact None
Availability Impact None
User Interaction None
No CVSS v3.0
No CVSS v2
Vendors | Products |
---|---|
Redlion |
|
Configuration 1 [-]
|
References
Link | Resource |
---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-22-321-01 | Third Party Advisory US Government Resource |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: icscert
Published: 2022-11-17T00:00:00
Updated: 2022-11-17T00:00:00
Reserved: 2022-09-01T00:00:00
Link: CVE-2022-3090
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-11-17T22:15:10.700
Modified: 2022-11-22T19:54:57.607
Link: CVE-2022-3090
JSON object: View
Redhat Information
No data.
CWE