CVE-2023-46384
HIGHLOYTEC electronics GmbH LINX Configurator - Info Disclosure
Title source: llmDescription
LOYTEC electronics GmbH LINX Configurator (all versions) is vulnerable to Insecure Permissions. Cleartext storage of credentials allows remote attackers to disclose admin password and bypass an authentication to login Loytec device.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry
https://packetstormsecurity.com/files/175951/Loytec-LINX-Configurator-7.4.10-Insecure-Transit-Cleartext-Secrets.html
Various Sources
https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/
Mailing List
http://seclists.org/fulldisclosure/2023/Nov/6
Mailing List, Third Party Advisory mailing-list
https://seclists.org/fulldisclosure/2023/Nov/6
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01
Scores
CVSS v3
7.5
EPSS
0.0152
EPSS Percentile
71.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-312
Status
published
Products (1)
loytec/l-inx_configurator
7.4.10
Published
Nov 30, 2023
Tracked Since
Feb 18, 2026