External risk intelligence

Red Lion Crimson Database Authentication Bypass

CVE advisory

Severity: CRITICAL (CVSS 9.1)

CVE-2020-27285

The default configuration of Crimson 3.1 permits unauthorized users to read and modify its database, posing a risk of data compromise and unauthorized alterations. This affects organizations using the software, potentially impacting their systems and leading to business risk through data manipulation.

Halo Surface Signal: 3

Missing Authentication

Redlion Crimson

3.1

External exposure likelihood

Halo Surface Signal score for CVE-2020-27285

Crimson is configuration software for industrial automation and HMIs. While network-reachable, these devices are typically deployed within internal industrial control networks or private operational technology segments. Public internet exposure is not a standard or intended deployment pattern, making reachability from the public internet possible in some environments but not common.

Horizon Alert

Summary of the vulnerability and why it matters

The default configuration of Crimson 3.1 allows unauthorized access to the database. This flaw enables users to read and modify data without proper authentication. The impact can include data compromise and unauthorized alterations within the system.

  • Vulnerable: Crimson 3.1 database configuration
  • Weakness: Allows database access without authentication
  • Impact: Data reading and modification

Attack Path

How an attacker could exploit the issue

The default configuration of Crimson 3.1 permits unauthenticated users to access and modify the database. This could allow an attacker to gain unauthorized access to sensitive information. The attacker could then alter critical data within the system, potentially disrupting operations. This vulnerability exposes organizations to significant business risk.

  • Database exposed without authentication.
  • Attacker gains access remotely.
  • Attacker modifies database records.

Live Threat

Current exploitation, exposure, and threat context

The default configuration of Crimson 3.1 allows unauthenticated access to read and modify databases. This presents a significant risk to organizations relying on this software. Attackers can gain unauthorized access to sensitive data and potentially disrupt operations.

  • Likely attacker skill level: Low
  • Required access or conditions: Network access
  • Business risk or urgency: High

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

This vulnerability in Crimson 3.1 allows unauthorized users to access and alter database information due to its default configuration. Organizations using this software should take immediate steps to protect their systems and data from potential compromise. The identified weakness presents a significant risk to data integrity and operational control.

  • Locate all Crimson 3.1 installations.
  • Restrict network access to affected systems.
  • Update Crimson to build 3119.001 or later, confirm the installed build, and monitor the affected systems.

Frequently asked questions

What is Red Lion Crimson 3.1?

Red Lion Crimson 3.1 is configuration software used for industrial automation and human-machine interfaces (HMIs). It facilitates the setup and management of devices that control and monitor industrial processes.

What weakness does CVE-2020-27285 describe?

CVE-2020-27285 describes a weakness classified as CWE-306 (Missing Authentication for Critical Function): in its default configuration, the software does not authenticate users before granting access to the database. This allows unauthorized individuals to access and modify the database without logging in.

How could an attacker exploit this vulnerability?

An attacker could exploit this vulnerability by leveraging the default configuration that allows unauthenticated access to read and modify the database. This means an attacker with network access could potentially gain unauthorized control over critical data and system operations without needing any credentials.

What is the relevance of Halo Surface Signal to this vulnerability?

Halo Surface Signal indicates that while Crimson 3.1 is network-reachable, its typical deployment within internal industrial networks makes public internet exposure uncommon. However, it acknowledges that such exposure is possible in certain environments.

What steps should be taken to mitigate this risk?

To mitigate this risk, organizations should update Crimson 3.1 to build 3119.001 or later. Additionally, minimizing network exposure, ensuring devices are not accessible from the internet, and isolating control system networks behind firewalls are recommended defensive measures.
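The locate, restrict, and update steps above can be run as a triage pass over an asset inventory. This is an added example, not code from Red Lion or from this advisory; the CSV columns, zone labels, priority labels, and the reading of a build string as two numeric fields are assumptions, and the sample rows are constructed.

```python
import csv
import io

FIXED_BUILD = (3119, 1)  # "3119.001", the fixed build named in this advisory

# Constructed sample inventory; column names and zone labels are assumptions.
SAMPLE_INVENTORY = """host,product,version,build,zone
hmi-line1,Crimson,3.1,3117.000,ot-internal
hmi-line2,Crimson,3.1,3119.001,ot-internal
eng-ws-07,Crimson,3.1,3112.00,dmz
hmi-remote,Crimson,3.1,,internet
plc-gw-01,Crimson,3.0,712.000,ot-internal
"""


def parse_build(text):
    """Turn '3119.001' into (3119, 1); None when the build is missing or malformed."""
    parts = text.strip().split(".")
    if len(parts) != 2 or not all(p.isdigit() for p in parts):
        return None
    return int(parts[0]), int(parts[1])


def triage(inventory_csv):
    """Return (host, finding, priority) for each Crimson 3.1 row that needs action."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["product"].strip().lower() != "crimson" or row["version"].strip() != "3.1":
            continue  # the advisory only covers Crimson 3.1
        build = parse_build(row["build"])
        if build is not None and build >= FIXED_BUILD:
            continue  # already at or past the fixed build
        # An unknown build is reported rather than assumed to be patched.
        finding = "build unknown" if build is None else "build below 3119.001"
        # Unpatched and outside the internal OT segment is handled first.
        priority = "P2" if row["zone"].strip() == "ot-internal" else "P1"
        findings.append((row["host"], finding, priority))
    return sorted(findings, key=lambda f: (f[2], f[0]))


if __name__ == "__main__":
    for host, finding, priority in triage(SAMPLE_INVENTORY):
        print(f"{priority} {host}: {finding}")
```

Rows with a missing or unparseable build are kept in the output so that an incomplete inventory does not hide an unpatched installation.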
