Abstract
This document describes how to whitelist UNC paths, allowing network path references to be used in Crimson builds that include the modification to mitigate CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal').
Products
All products programmed with Crimson 3.x.
Use Case
Whitelisting UNC Paths
Software Required
Crimson 3.0 Version 711.00 or later
Crimson 3.1 Version 3126.02 or later
Crimson 3.2 Version 3.0045 or later
Introduction
Crimson blocks the exploit by limiting the circumstances in which embedded UNC paths will be opened. While blocking all UNC paths might seem like a suitable remedy, it would adversely affect users who legitimately reference files using this method. Crimson therefore applies a set of rules when deciding whether to open a UNC file or to block it and inform the user. Specifically, a file will be opened if the host on which it is located can be resolved to an IPv4 address, and that address either lies within the subnet of one of the Ethernet or Wi-Fi adapters installed in the PC on which Crimson is running, or falls within one of the well-known private IP address ranges, namely 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, or the APIPA range 169.254.0.0/16. Hosts that do not resolve to an IPv4 address, or that resolve to an address outside these ranges, are blocked unless whitelisted as described below. See Security Bulletin RLCSB-2022ST31 for more details.
Mitigations
Do not open files originating from outside the organization. Until the remedy (updating Crimson to one of the versions listed above) is applied, and in any case as a matter of best practice, users should not open files that originate from outside their organization unless they can establish that the files came from a trusted source.
Whitelisting Paths
Hosts can be whitelisted by adding a non-zero DWORD value named after each host to the registry key below. This manual whitelisting may be necessary for internal hosts that are reachable only over routed networks (and therefore do not share a subnet with a local adapter), or for networks that use IPv6. Since the registry key is located in the HKLM hive, administrative access to the Windows installation is required.
The whitelist registry key is located at:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Red Lion Controls\Crimson\3.2\UncHostWhiteList
The version segment (3.2 above) should be changed to match the version of Crimson that the user is running. The WOW6432Node portion should be removed when running a 32-bit version of Windows.
Example of whitelisting www.google.com for Crimson 3.2 on a 64-bit Windows machine:
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Red Lion Controls\Crimson\3.2\UncHostWhiteList]
"www.google.com"=dword:00000001
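The following is an added example, not Red Lion's code, that models the decision rule from the Introduction (resolve the host to IPv4, then test it against the local adapter subnets and the private ranges) together with the effect of a non-zero DWORD under UncHostWhiteList. The host-to-address table and the adapter list are constructed stand-ins so the example runs offline; the registry reader uses the key path given above and is an assumption about how an administrator might audit existing entries. Case-insensitive matching of whitelist names is also an assumption.

```python
"""Model of Crimson's UNC host check plus the registry whitelist override.
Added example: not Red Lion's code. Resolution and adapter data are constructed."""
import ipaddress

# Well-known private ranges plus APIPA, as listed in the tech note.
PRIVATE_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("169.254.0.0/16"),
]

# Constructed stand-in for DNS resolution so the example runs offline.
# None means the host has no IPv4 address (e.g. IPv6-only).
RESOLVED = {
    "plc-fileserver.local": "10.20.30.40",        # private range
    "eng-share.corp.example": "172.31.5.9",       # private range (172.16/12)
    "branch-nas.corp.example": "198.51.100.7",    # same subnet as an adapter
    "remote-hq.corp.example": "203.0.113.15",     # routed, outside all rules
    "v6only.corp.example": None,                  # resolves only to IPv6
}

# Constructed stand-in for the PC's adapter configuration (address/prefix).
LOCAL_ADAPTERS = ["192.168.1.50/24", "198.51.100.20/24"]


def adapter_subnets(adapters):
    """Turn 'address/prefix' strings into the network each adapter sits on."""
    return [ipaddress.ip_interface(a).network for a in adapters]


def resolve_ipv4(host, table=RESOLVED):
    """Look up the host in the constructed table; None if no IPv4 address."""
    value = table.get(host.lower())
    return None if value is None else ipaddress.ip_address(value)


def decide_unc_host(host, adapters=LOCAL_ADAPTERS, whitelist=None, table=RESOLVED):
    """Return (allowed, reason) for a UNC host, applying the note's rules.

    whitelist maps host name -> DWORD value; any non-zero value allows the host
    without consulting the address rules (assumed case-insensitive)."""
    whitelist = {k.lower(): v for k, v in (whitelist or {}).items()}
    if whitelist.get(host.lower(), 0) != 0:
        return True, "whitelisted"
    addr = resolve_ipv4(host, table)
    if addr is None:
        return False, "no IPv4 address"
    for net in adapter_subnets(adapters):
        if addr in net:
            return True, f"on local subnet {net}"
    for net in PRIVATE_RANGES:
        if addr in net:
            return True, f"in private range {net}"
    return False, "not local or private"


def load_whitelist_from_registry(version="3.2", wow6432=True):
    """Read UncHostWhiteList entries on Windows; return {} elsewhere.

    Assumed audit helper using the key path from the tech note; the version
    segment and WOW6432Node presence follow the note's guidance."""
    try:
        import winreg
    except ImportError:
        return {}
    node = "WOW6432Node\\" if wow6432 else ""
    path = f"SOFTWARE\\{node}Red Lion Controls\\Crimson\\{version}\\UncHostWhiteList"
    entries = {}
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
            index = 0
            while True:
                try:
                    name, data, _ = winreg.EnumValue(key, index)
                except OSError:
                    break
                entries[name.lower()] = data
                index += 1
    except OSError:
        return {}
    return entries


if __name__ == "__main__":
    merged = load_whitelist_from_registry()
    for host in RESOLVED:
        print(host, decide_unc_host(host, whitelist=merged))
```

Running the block shows that the routed host (203.0.113.15) is the only one blocked for an address reason, which is exactly the case the registry whitelist exists for: adding the DWORD flips its result to "whitelisted", while a zero-valued entry leaves it blocked. On Windows the script merges any real entries found under the key for the stated version.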
Disclaimer
It is the customer's responsibility to review the advice provided herein and its applicability to the system. Red Lion makes no representation about specific knowledge of the customer's system or the specific performance of the system. Red Lion is not responsible for any damage to equipment or connected systems. The use of this document is at your own risk. Red Lion standard product warranty applies.
Red Lion Technical Support
If you have any questions or trouble contact Red Lion Technical Support by clicking here or calling 1-877-432-9908.
For more information: http://www.redlion.net/support/policies-statements/warranty-statement