Red Lion Controls, a prominent manufacturer of industrial automation and networking products, has recently disclosed two critical vulnerabilities in its Remote Terminal Units (RTUs). Both vulnerabilities have been assigned the highest severity rating of CVSS 10.0, indicating their potential to cause severe damage if exploited. These security flaws could allow attackers to execute remote code on affected devices, posing significant risks to industrial control systems and critical infrastructure.
The first vulnerability involves a buffer overflow issue that can be triggered remotely without authentication, enabling attackers to execute arbitrary code. The second flaw is related to improper input validation, which also allows remote code execution. Red Lion has issued security advisories and patches to mitigate these vulnerabilities, urging users to update their devices immediately to prevent exploitation.
Industrial control systems are increasingly targeted by cybercriminals due to their critical role in infrastructure and manufacturing. The discovery of these two CVSS 10.0 bugs in Red Lion RTUs highlights the urgent need for robust cybersecurity measures in operational technology environments. Organizations using these devices should prioritize patching and implement network segmentation and monitoring to reduce exposure.
This incident underscores the importance of continuous vulnerability assessment and timely response in the industrial sector. By addressing these critical vulnerabilities, Red Lion Controls aims to protect its customers and maintain the integrity of industrial operations worldwide. Security teams should stay vigilant for any signs of exploitation and follow best practices to safeguard their systems.
This Cyber News was published on thehackernews.com. Publication date: Wed, 15 Oct 2025 23:14:05 +0000