{"id":10529,"date":"2025-10-16T13:27:19","date_gmt":"2025-10-16T06:27:19","guid":{"rendered":"https:\/\/infosec.new88088.net\/?p=10529"},"modified":"2026-02-05T13:27:26","modified_gmt":"2026-02-05T06:27:26","slug":"hai-lo-hong-nghiem-trong-trong-red-lion-rtu-de-doa-ha-tang-cong-nghiep-the-gioi","status":"publish","type":"post","link":"https:\/\/infosec.new88088.net\/2025\/10\/16\/hai-lo-hong-nghiem-trong-trong-red-lion-rtu-de-doa-ha-tang-cong-nghiep-the-gioi\/","title":{"rendered":"Two critical vulnerabilities in Red Lion RTUs threaten industrial infrastructure worldwide"},"content":{"rendered":"<p><b>Cybersecurity researchers have disclosed two critical vulnerabilities in Red Lion Sixnet remote terminal unit (RTU) devices, a product line widely deployed in industrial automation systems. 
Both vulnerabilities, tracked as CVE-2023-40151 and CVE-2023-42770, carry the maximum CVSS score of 10.0 and allow an attacker to take control of the device with the highest privileges.<\/b><\/p>\n<div style=\"text-align: center\">\n<div class=\"bbImageWrapper  js-lbImage\" title=\"Anh-whitehat-vn.png\" data-src=\"https:\/\/whitehat.vn\/attachments\/anh-whitehat-vn-png.17748\/\" data-lb-sidebar-href=\"\" data-lb-caption-extra-html=\"\" data-single-image=\"1\"><img fetchpriority=\"high\" decoding=\"async\" class=\"bbImage\" title=\"Anh-whitehat-vn.png\" src=\"https:\/\/whitehat.vn\/attachments\/anh-whitehat-vn-png.17748\/\" alt=\"Anh-whitehat-vn.png\" width=\"700\" height=\"390\" data-url=\"\" data-zoom-target=\"1\" \/><\/div>\n<\/div>\n<p>According to a report from the Claroty Team 82 research group, the affected Red Lion SixTRAK and VersaTRAK RTUs can be exploited without authentication. An attacker only needs a remote connection to send commands and execute arbitrary code as root, which opens the door to a complete takeover of industrial processes. 
This is an especially high level of risk for automated control systems (ICS\/SCADA) operating in energy, water supply and drainage, transportation, urban infrastructure and manufacturing.<\/p>\n<p>Red Lion RTUs are configured through the Sixnet IO Tool Kit software running on Windows, which uses a proprietary protocol called Sixnet Universal to communicate with the end devices. The protocol supports many features, such as file management, retrieving system information, and operating on the Linux kernel and bootloader over UDP. However, this very mechanism is the core weakness behind the two critical vulnerabilities that Claroty found.<\/p>\n<p>CVE-2023-42770 is an authentication bypass that stems from the Sixnet RTU software listening on the same port, 1594, for both UDP and TCP. While connections over UDP require authentication, TCP accepts incoming packets without any authentication mechanism. 
This makes it easy for an attacker to send forged requests over TCP and get past the initial layer of protection.<\/p>\n<p>CVE-2023-40151, meanwhile, is a remote code execution vulnerability that arises because the Sixnet Universal Driver has built-in support for executing Linux system commands. By combining the two vulnerabilities, an attacker can bypass the authentication mechanism entirely, send commands directly to the device and execute arbitrary code with root privileges. This means they can take full control of the device as well as the operational processes tied to it.<\/p>\n<p>In an advisory issued in June 2025, Red Lion confirmed that SixTRAK and VersaTRAK devices with user authentication enabled can still be affected if they receive UDR packets over TCP, because no authentication check is performed. 
When authentication is disabled, the system allows commands to be executed directly with the highest privileges, creating a serious risk for network-connected industrial systems.<\/p>\n<p>The affected product lines include:<\/p>\n<ul>\n<li data-xf-list-type=\"ul\">ST-IPm-8460: Firmware version 6.0.202 and later<\/li>\n<li data-xf-list-type=\"ul\">ST-IPm-6350: Firmware version 4.9.114 and later<\/li>\n<li data-xf-list-type=\"ul\">VT-mIPm-135-D: Firmware version 4.9.114 and later<\/li>\n<li data-xf-list-type=\"ul\">VT-mIPm-245-D: Firmware version 4.9.114 and later<\/li>\n<li data-xf-list-type=\"ul\">VT-IPm2m-213-D: Firmware version 4.9.114 and later<\/li>\n<li data-xf-list-type=\"ul\">VT-IPm2m-113-D: Firmware version 4.9.114 and later<\/li>\n<\/ul>\n<p>Claroty stressed that gaining root on industrial RTUs such as Red Lion's could allow an attacker to cause serious disruption to, or even destroy, automated control processes. 
As ICS systems become ever more widely connected and harder to isolate completely, vulnerabilities of this kind are especially worrying because they pave the way for attack campaigns against critical infrastructure.<\/p>\n<p>Users are advised to apply the patches released by Red Lion immediately, and also to enable user authentication and restrict TCP access to the affected RTUs. These measures do not eliminate the risk entirely, but they are the minimum defensive step needed to keep attackers from taking remote control in industrial environments.<\/p>\n<div style=\"text-align: right\"><b><i>According to The Hacker News<\/i><\/b><\/div>\n<div style=\"text-align: right;margin-top: 16px\"><i>Source: <a href=\"https:\/\/whitehat.vn\/threads\/hai-lo-hong-nghiem-trong-trong-red-lion-rtu-de-doa-ha-tang-cong-nghiep-the-gioi.18840\/\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/whitehat.vn\/threads\/hai-lo-hong-nghiem-trong-trong-red-lion-rtu-de-doa-ha-tang-cong-nghiep-the-gioi.18840\/<\/a><\/i><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Cybersecurity researchers have disclosed two critical vulnerabilities in Red Lion Sixnet remote terminal unit (RTU) devices, a product line widely deployed 
in industrial automation systems. Both vulnerabilities, tracked as CVE-2023-40151 and CVE-2023-42770, [&hellip;]<\/p>\n","protected":false},"author":46,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[33],"tags":[],"class_list":["post-10529","post","type-post","status-publish","format-standard","hentry","category-tin-tuc-cua-vien"],"_links":{"self":[{"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/posts\/10529","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/users\/46"}],"replies":[{"embeddable":true,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/comments?post=10529"}],"version-history":[{"count":0,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/posts\/10529\/revisions"}],"wp:attachment":[{"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/media?parent=10529"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/categories?post=10529"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/tags?post=10529"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}