Red Lion SixTRAK and VersaTRAK RTUs root command execution flaws (multiple vulnerabilities)
Vulnerability
Summary
Hide ▲
Show ▼
Red Lion SixTRAK and VersaTRAK RTUs face CVE-2023-42770 and CVE-2023-40151, two CVSS 10.0 flaws that can let an unauthenticated attacker chain authentication bypass and command execution into root-level remote code execution. Red Lion and CISA have urged customers to apply patches, enable user authentication, and block TCP access on affected industrial devices. The issue matters because exposed RTUs in critical infrastructure environments can be turned into high-impact control-system footholds.
Related Happenings
CISA urgent mitigation order for Cisco FMC CVE-2026-20131
Advisory/Mitigation
First: 23.03.2026 12:30
Last: 23.03.2026 12:30
Sources 1
About this happening:
**CISA** ordered **federal civilian agencies** to patch **CVE-2026-20131** in **Cisco Secure Firewall Management Center (FMC)** within **three days** or discontinue use if mitigat...
CISA urgent mitigation order for Cisco FMC CVE-2026-20131
Advisory/MitigationAbout this happening: **CISA** ordered **federal civilian agencies** to patch **CVE-2026-20131** in **Cisco Secure Firewall Management Center (FMC)** within **three days** or discontinue use if mitigat...
BeyondTrust Remote Support and Privileged Remote Access CVE-2026-1731 active exploitation wave
Exploitation Wave
First: 12.02.2026 23:34
Last: 12.02.2026 23:34
Sources 1
About this happening:
**CVE-2026-1731** in **BeyondTrust Remote Support** and **Privileged Remote Access** is now seeing **first in-the-wild exploitation**, putting exposed appliances at risk of remote...
BeyondTrust Remote Support and Privileged Remote Access CVE-2026-1731 active exploitation wave
Exploitation WaveAbout this happening: **CVE-2026-1731** in **BeyondTrust Remote Support** and **Privileged Remote Access** is now seeing **first in-the-wild exploitation**, putting exposed appliances at risk of remote...
CISA KEV mitigation deadline for actively exploited flaws
Advisory/Mitigation
First: 30.09.2025 08:41
Last: 30.09.2025 08:41
Sources 1
About this happening:
**CISA** told **FCEB agencies** to apply mitigations for **actively exploited KEV-listed flaws** by **October 20, 2025**, creating a federal remediation deadline for systems expos...
CISA KEV mitigation deadline for actively exploited flaws
Advisory/MitigationAbout this happening: **CISA** told **FCEB agencies** to apply mitigations for **actively exploited KEV-listed flaws** by **October 20, 2025**, creating a federal remediation deadline for systems expos...
Timeline
-
15.10.2025 09:50 2 articles · 7mo ago
Claroty discloses CVE-2023-42770 and CVE-2023-40151 in Red Lion RTUs
Initial DisclosureClaroty Team 82 disclosed two critical vulnerabilities, CVE-2023-42770 and CVE-2023-40151, affecting Red Lion SixTRAK and VersaTRAK RTUs and rated CVSS 10.0. The flaws let an unauthenticated attacker chain authentication bypass and Linux shell command execution to run commands with root privileges on affected industrial automation devices.
Show sources
- Two CVSS 10.0 Bugs in Red Lion RTUs Could Hand Hackers Full Industrial Control — thehackernews.com — 15.10.2025 09:50
- Two CVSS 10.0 Bugs in Red Lion RTUs Could Hand Hackers Full Industrial Control — thehackernews.com — 15.10.2025 09:50