CVE-2019-10990

Summary

Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to access configuration files.

Affected Software

VendorProductVersion RangeStatus
n/aRed Lion Controls Crimson (Windows configuration software)Version 3.0 and prior, Version 3.1 prior to release 3112.00affected

Weaknesses

  • CWE-321: USE OF HARD-CODED CRYPTOGRAPHIC KEY CWE-321

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References