Cybersecurity researchers disclosed two critical vulnerabilities, CVE-2023-40151 and CVE-2023-42770, in Red Lion Sixnet RTUs, both rated 10.0 on the CVSS scale. These flaws enable unauthenticated attackers to bypass authentication and execute root-level commands, affecting SixTRAK and VersaTRAK series devices. Exploiting TCP and UDP communication protocol weaknesses, attackers gain full control over these industrial control units extensively used in energy, water, wastewater, transportation, and utilities sectors. Red Lion, a key industrial automation hardware provider in India’s critical infrastructure, supplies these RTUs for real-time process monitoring and control. Claroty and CISA experts urge immediate patching and network access restrictions to mitigate risks. Disclosed in late 2023, ongoing advisories emphasize strengthening cybersecurity in India’s vital systems to prevent sabotage or disruption. The affected RTUs are integral to India’s energy and industrial sectors, making this vulnerability critical for operational safety and infrastructure