The NCCIC has published an advisory on use after free, improper restriction of operations within the bounds of a memory buffer, pointer issues, and use of hard-coded cryptographic key vulnerabilities in Red Lion Controls Crimson. Versions 3.0 and prior and versions 3.1 and prior, to release 3112.00, are affected. Red Lion Controls recommends users migrate to Crimson 3.1 release 3112.00 or later where the model choice allows. The NCCIC also recommends a series of measures to mitigate the vulnerabilities. Read the advisory at CISA.
H2OSecCon 2025- a virtual security event for the water sector - happening May 20th. Register Now!