Vulnerability Details CVE-2023-46389
LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Incorrect Access Control via registry.xml file. This vulnerability allows remote attackers to disclose sensitive information on LINX configuration.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.1%
CVSS Severity
CVSS v3 Score 7.5
References
- http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html
- http://seclists.org/fulldisclosure/2023/Nov/7
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01
- https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/
- http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html
- http://seclists.org/fulldisclosure/2023/Nov/7
- https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/
Products affected by CVE-2023-46389
-
cpe:2.3:h:loytec:linx-151:-
-
cpe:2.3:h:loytec:linx-212:-
-
cpe:2.3:o:loytec:linx-151_firmware:7.2.4
-
cpe:2.3:o:loytec:linx-212_firmware:6.2.4