CVE-2020-27285

9.1 CRITICAL

📋 TL;DR

CVE-2020-27285 is an authentication bypass vulnerability in Crimson 3.1 software that allows unauthenticated users to read and modify the database. This affects industrial control systems using Crimson 3.1 versions prior to 3119.001 with default configurations.

💻 Affected Systems

Products:
  • Red Lion Crimson 3.1
Versions: All versions prior to 3119.001
Operating Systems: Windows (for Crimson software)
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects the default configuration of Crimson 3.1 software used for industrial control systems.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of industrial control systems allowing attackers to modify critical process parameters, disrupt operations, or cause physical damage.

🟠 Likely Case

Unauthorized access to sensitive industrial data, configuration tampering, and potential operational disruption.

🟢 If Mitigated

Limited impact if proper network segmentation and access controls prevent external access to vulnerable systems.

🌐 Internet-Facing: HIGH - Direct internet exposure allows complete system compromise without authentication.
🏢 Internal Only: HIGH - Even internal attackers or malware can exploit this without credentials.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Authentication bypass vulnerabilities are typically easy to exploit once discovered.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3119.001 or later

Vendor Advisory: https://www.redlion.net/support/security-advisories

Restart Required: Yes

Instructions:

1. Download Crimson 3.1 version 3119.001 or later from the Red Lion support portal.
2. Back up current configurations.
3. Install the update following vendor instructions.
4. Restart affected systems.
5. Verify authentication is now required for database access.

🔧 Temporary Workarounds

Network Segmentation

Isolate Crimson systems from untrusted networks using firewalls.

Access Control Lists

Implement strict network access controls to limit connections to Crimson systems.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate vulnerable systems
  • Deploy intrusion detection systems to monitor for unauthorized access attempts

🔍 How to Verify

Check if Vulnerable:

Check the Crimson 3.1 version in the software interface. If the version is below 3119.001, the system is vulnerable.

Check Version:

Check the version in the Crimson 3.1 software interface under Help > About.

Verify Fix Applied:

Verify that the version is 3119.001 or later, and test that authentication is required for database access.

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated database access attempts
  • Configuration changes without authentication logs

Network Indicators:

  • Unusual database queries from unauthorized IPs
  • Traffic to Crimson database ports without authentication

SIEM Query:

source="crimson_logs" AND (event_type="database_access" AND auth_status="none")
