CVE-2023-46387

LOYTEC electronics GmbH LINX-212 and LINX-151 devices all versions are vulnerable to Incorrect Access Control via dpalconfig.zml file. This vulnerability allows remote attackers to disclose sensitive information on Loytec device data point configuration...

CVE-2023-46388

LOYTEC electronics GmbH LINX-212 and LINX-151 devices all versions are vulnerable to Insecure Permissions via dpalconfig.zml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication...

CVE-2023-46385

LOYTEC electronics GmbH LINX Configurator all versions is vulnerable to Insecure Permissions. An admin credential is passed as a value of URL parameters without encryption, so it allows remote attackers to steal the password and gain full control of Loytec device configuration...

CISA Releases One Industrial Control Systems Advisory

CISA released one Industrial Control Systems ICS advisory on September 3, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-247-01 LOYTEC Electronics LINX Series CISA encourages users and administrators to revie...

LOYTEC Electronics LINX Series

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : LOYTEC electronics GmbH Equipment : LINX series Vulnerabilities : Cleartext Transmission of Sensitive Information, Missing Authentication for Critical Function,...

CVE-2023-46383

LOYTEC electronics GmbH LINX Configurator all versions uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the password and gain full control of Loytec device configuration...

CVE-2023-46386

LOYTEC electronics GmbH LINX-212 and LINX-151 devices all versions are vulnerable to Insecure Permissions via registry.xml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication...

CVE-2023-46384

LOYTEC electronics GmbH LINX Configurator all versions is vulnerable to Insecure Permissions. Cleartext storage of credentials allows remote attackers to disclose admin password and bypass an authentication to login Loytec device...

Design/Logic Flaw

LOYTEC electronics GmbH LINX-212 6.2.4 and LINX-151 7.2.4 are vulnerable to Insecure Permissions via dpalconfig.zml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication...

Design/Logic Flaw

LOYTEC electronics GmbH LINX Configurator 7.4.10 is vulnerable to Insecure Permissions. An admin credential is passed as a value of URL parameters without encryption, so it allows remote attackers to steal the password and gain full control of Loytec device configuration...

CVE-2023-46388

LOYTEC LINX-212 and LINX-151 devices (all versions) are affected by CVE-2023-46388 due to Insecure Permissions via dpal_config.zml, enabling remote disclosure of SMTP client credentials and bypass of email authentication. The issue is tracked across multiple sources (including Red Hat and CISA IC...

CVE-2023-46383

The CVE-2023-46383 entry concerns LOYTEC LINX Configurator (all versions). The underlying issue is HTTP Basic Authentication transmitting credentials in base64-encoded cleartext, enabling remote attackers to steal admin passwords and gain full control of Loytec device configuration. Affected prod...

CVE-2023-46383

LOYTEC electronics GmbH LINX Configurator all versions uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the password and gain full control of Loytec device configuration...

CVE-2023-46387

LOYTEC electronics GmbH LINX-212 and LINX-151 devices all versions are vulnerable to Incorrect Access Control via dpalconfig.zml file. This vulnerability allows remote attackers to disclose sensitive information on Loytec device data point configuration...

CVE-2023-46387

LOYTEC LINX-212 (firmware 6.2.4) and LINX-151 (firmware 7.2.4) are affected by CVE-2023-46387 due to Improper Access Control via the dpal_config.zml file. The Red Hat/CISA ICS and related sources describe an exploit scenario where this file’s accessibility enables remote disclosure of sensitive d...

CVE-2023-46384

CVE-2023-46384 affects LOYTEC electronics LINX Configurator (v7.4.10; and LINX-related components) with insecure permissions that allow cleartext credential storage, enabling remote disclosure of the admin password and bypass of authentication to log in to Loytec devices. Technical details from c...

CVE-2023-46385

CVE-2023-46385 affects LOYTEC electronics LINX Configurator (all versions). The vulnerability is caused by insecure permissions: an admin credential is passed as a value in URL parameters without encryption, enabling remote attackers to steal the password and gain full control of Loytec device co...

CVE-2023-46388

LOYTEC electronics GmbH LINX-212 and LINX-151 devices all versions are vulnerable to Insecure Permissions via dpalconfig.zml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication...

CVE-2023-46386

LOYTEC electronics GmbH LINX-212 and LINX-151 devices all versions are vulnerable to Insecure Permissions via registry.xml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication...

CVE-2023-46389

LOYTEC LINX-212 and LINX-151 devices (all versions) are affected by CVE-2023-46389 due to Incorrect Access Control via the registry.xml file, enabling remote disclosure of sensitive configuration data. The ICS advisory lists affected products (LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580...