CVE-2023-40151 CRITICAL

CVE-2023-40151: Red Lion Controls Sixnet RTU Exposed Dangerous Method Or Function

Vendor Red Lion Controls
Product ST-IPm-8460
Weakness CWE-749
Published November 21, 2023
Last update February 25, 2026

CVSS base score

10.0/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01 Description

When user authentication is not enabled, the shell can execute commands with the highest privileges. On Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A), any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message comes over TCP/IP, the RTU will simply accept the message with no authentication challenge.

Key dates

02 Disclosure timeline

November 21, 2023 CVE published
February 25, 2026 Record updated