Lucene search

[email protected]CVE-2023-46387

HistoryNov 30, 2023 - 11:15 p.m.

CVE-2023-46387

2023-11-3023:15:07

[email protected]

web.nvd.nist.gov

loytec electronics

linx-212

linx-151

firmware

vulnerability

incorrect access control

dpal_config.zml

remote disclosure

sensitive information

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.5%

JSON

LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 firmware 7.2.4 are vulnerable to Incorrect Access Control via dpal_config.zml file. This vulnerability allows remote attackers to disclose sensitive information on Loytec device data point configuration.

Affected configurations

NVD

Node

loyteclinx-212_firmwareMatch6.2.4

AND

loyteclinx-212Match-

Node

loyteclinx-151_firmwareMatch7.2.4

AND

loyteclinx-151Match-

CPENameOperatorVersion
loytec:linx-212_firmwareloytec linx-212 firmwareeq6.2.4

CPE	Name	Operator	Version
loytec:linx-212_firmware	loytec linx-212 firmware	eq	6.2.4

References

packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html

seclists.org/fulldisclosure/2023/Nov/7

www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.5%

JSON

Related for CVE-2023-46387

nvd1 prion1 cvelist1 packetstorm1 zdt1