Critical vulnerabilities in Red Lion industrial RTUs enable complete remote takeover
Take action: If you're running Red Lion SixTRAK or VersaTRAK RTUs, make sure to isolate the RTUs and make them accessible only from trusted networks. Then plan a very quick update, since the RTUs are immediately expoloitable. Someone will exploit them.
Learn More
Security researchers are reporting two critical vulnerabilities in Red Lion's Sixnet remote terminal unit (RTU) that allow unauthenticated attackers to execute commands with root privileges on affected devices, potentially enabling complete operational takeover.
Vulnerabilities summary:
- CVE-2023-40151 (CVSS score 10.0) an authentication bypass flaw caused by a protocol implementation error. The Sixnet RTU software listens to the same port (number 1594) in both UDP and TCP protocols but only prompts for an authentication challenge over UDP, but is accepting incoming messages over TCP without any authentication requirements.
- CVE-2023-42770 (CVSS score 10.0) is caued by Sixnet Universal Driver's (UDR) built-in support for Linux shell command execution to run arbitrary code with root privileges. When user authentication is not enabled, the shell can execute commands with the highest privileges, providing attackers with complete control over the device's operating system and all its functions.
The vulnerabilities affect Red Lion SixTRAK and VersaTRAK RTUs, which provide advanced automation, control, and data acquisition capabilities in industrial automation and control systems.
Red Lion released patches and advisories in June 2025.
Organizations are strongly advised to apply the available patches immediately. For situations where immediate patching is not feasible, Red Lion recommends enabling user authentication in the RTU and blocking all or most Sixnet UDR messages over TCP/IP.
