Search

Find a vulnerability

Search criteria

    14 vulnerabilities found for linx-212_firmware by loytec

    CVE-2023-46389 (GCVE-0-2023-46389)

    Vulnerability from nvd – Published: 2023-11-30 00:00 – Updated: 2024-09-20 16:48
    VLAI
    Summary
    LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Incorrect Access Control via registry.xml file. This vulnerability allows remote attackers to disclose sensitive information on LINX configuration.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:45:41.876Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20231127 [CVE-2023-46386, CVE-2023-46387, CVE-2023-46388, CVE-2023-46389] Multiple vulnerabilities in Loytec products (3)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2023/Nov/7"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Incorrect Access Control via registry.xml file. This vulnerability allows remote attackers to disclose sensitive information on LINX configuration."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-20T16:48:00.947Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20231127 [CVE-2023-46386, CVE-2023-46387, CVE-2023-46388, CVE-2023-46389] Multiple vulnerabilities in Loytec products (3)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2023/Nov/7"
            },
            {
              "url": "http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html"
            },
            {
              "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"
            },
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-46389",
        "datePublished": "2023-11-30T00:00:00.000Z",
        "dateReserved": "2023-10-23T00:00:00.000Z",
        "dateUpdated": "2024-09-20T16:48:00.947Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-46388 (GCVE-0-2023-46388)

    Vulnerability from nvd – Published: 2023-11-30 00:00 – Updated: 2024-09-20 16:46
    VLAI
    Summary
    LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Permissions via dpal_config.zml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:45:41.260Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20231127 [CVE-2023-46386, CVE-2023-46387, CVE-2023-46388, CVE-2023-46389] Multiple vulnerabilities in Loytec products (3)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2023/Nov/7"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Permissions via dpal_config.zml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-20T16:46:38.362Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20231127 [CVE-2023-46386, CVE-2023-46387, CVE-2023-46388, CVE-2023-46389] Multiple vulnerabilities in Loytec products (3)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2023/Nov/7"
            },
            {
              "url": "http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html"
            },
            {
              "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"
            },
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-46388",
        "datePublished": "2023-11-30T00:00:00.000Z",
        "dateReserved": "2023-10-23T00:00:00.000Z",
        "dateUpdated": "2024-09-20T16:46:38.362Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-46387 (GCVE-0-2023-46387)

    Vulnerability from nvd – Published: 2023-11-30 00:00 – Updated: 2024-11-26 19:22
    VLAI
    Summary
    LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Incorrect Access Control via dpal_config.zml file. This vulnerability allows remote attackers to disclose sensitive information on Loytec device data point configuration.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:45:41.904Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20231127 [CVE-2023-46386, CVE-2023-46387, CVE-2023-46388, CVE-2023-46389] Multiple vulnerabilities in Loytec products (3)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2023/Nov/7"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-46387",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-26T19:21:17.840088Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T19:22:17.670Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Incorrect Access Control via dpal_config.zml file. This vulnerability allows remote attackers to disclose sensitive information on Loytec device data point configuration."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-20T16:45:11.769Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20231127 [CVE-2023-46386, CVE-2023-46387, CVE-2023-46388, CVE-2023-46389] Multiple vulnerabilities in Loytec products (3)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2023/Nov/7"
            },
            {
              "url": "http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html"
            },
            {
              "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"
            },
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-46387",
        "datePublished": "2023-11-30T00:00:00.000Z",
        "dateReserved": "2023-10-23T00:00:00.000Z",
        "dateUpdated": "2024-11-26T19:22:17.670Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-46386 (GCVE-0-2023-46386)

    Vulnerability from nvd – Published: 2023-11-30 00:00 – Updated: 2024-09-20 16:43
    VLAI
    Summary
    LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Permissions via registry.xml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:45:41.254Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20231127 [CVE-2023-46386, CVE-2023-46387, CVE-2023-46388, CVE-2023-46389] Multiple vulnerabilities in Loytec products (3)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2023/Nov/7"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Permissions via registry.xml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-20T16:43:34.463Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20231127 [CVE-2023-46386, CVE-2023-46387, CVE-2023-46388, CVE-2023-46389] Multiple vulnerabilities in Loytec products (3)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2023/Nov/7"
            },
            {
              "url": "http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html"
            },
            {
              "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"
            },
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-46386",
        "datePublished": "2023-11-30T00:00:00.000Z",
        "dateReserved": "2023-10-23T00:00:00.000Z",
        "dateUpdated": "2024-09-20T16:43:34.463Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-46382 (GCVE-0-2023-46382)

    Vulnerability from nvd – Published: 2023-11-04 00:00 – Updated: 2025-11-04 19:25
    VLAI
    Summary
    LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) use cleartext HTTP for login.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T19:25:37.303Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://seclists.org/fulldisclosure/2023/Nov/0"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/175646/LOYTEC-Electronics-Insecure-Transit-Insecure-Permissions-Unauthenticated-Access.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2023/Nov/0"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) use cleartext HTTP for login."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-19T19:27:40.674Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://seclists.org/fulldisclosure/2023/Nov/0"
            },
            {
              "url": "http://packetstormsecurity.com/files/175646/LOYTEC-Electronics-Insecure-Transit-Insecure-Permissions-Unauthenticated-Access.html"
            },
            {
              "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"
            },
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-46382",
        "datePublished": "2023-11-04T00:00:00.000Z",
        "dateReserved": "2023-10-23T00:00:00.000Z",
        "dateUpdated": "2025-11-04T19:25:37.303Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-46381 (GCVE-0-2023-46381)

    Vulnerability from nvd – Published: 2023-11-04 00:00 – Updated: 2025-11-04 19:25
    VLAI
    Summary
    LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T19:25:36.230Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://seclists.org/fulldisclosure/2023/Nov/0"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/175646/LOYTEC-Electronics-Insecure-Transit-Insecure-Permissions-Unauthenticated-Access.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2023/Nov/0"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-46381",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-26T21:31:03.532906Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-27T20:32:54.237Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-19T19:45:45.203Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://seclists.org/fulldisclosure/2023/Nov/0"
            },
            {
              "url": "http://packetstormsecurity.com/files/175646/LOYTEC-Electronics-Insecure-Transit-Insecure-Permissions-Unauthenticated-Access.html"
            },
            {
              "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"
            },
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-46381",
        "datePublished": "2023-11-04T00:00:00.000Z",
        "dateReserved": "2023-10-23T00:00:00.000Z",
        "dateUpdated": "2025-11-04T19:25:36.230Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-46380 (GCVE-0-2023-46380)

    Vulnerability from nvd – Published: 2023-11-04 00:00 – Updated: 2025-11-04 19:25
    VLAI
    Summary
    LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) send password-change requests via cleartext HTTP.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    Impacted products
    Vendor Product Version
    loytec lvis-3me12-a1 Affected: 0 , < * (custom)
        cpe:2.3:h:loytec:linx-151:-:*:*:*:*:*:*:*
        cpe:2.3:h:loytec:linx-212:-:*:*:*:*:*:*:*
        cpe:2.3:a:loytec:l-inx_configurator:*:*:*:*:*:*:*:*
        cpe:2.3:h:loytec:liob-580_v2:-:*:*:*:*:*:*:*
        cpe:2.3:h:loytec:liob-586:-:*:*:*:*:*:*:*
        cpe:2.3:h:loytec:liob-588:-:*:*:*:*:*:*:*
        cpe:2.3:h:loytec:lvis-3me12-a1:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T19:25:35.144Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://seclists.org/fulldisclosure/2023/Nov/0"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/175646/LOYTEC-Electronics-Insecure-Transit-Insecure-Permissions-Unauthenticated-Access.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2023/Nov/0"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:loytec:linx-151:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:loytec:linx-212:-:*:*:*:*:*:*:*",
                  "cpe:2.3:a:loytec:l-inx_configurator:*:*:*:*:*:*:*:*",
                  "cpe:2.3:h:loytec:liob-580_v2:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:loytec:liob-586:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:loytec:liob-588:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:loytec:lvis-3me12-a1:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "lvis-3me12-a1",
                "vendor": "loytec",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-46380",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-15T17:28:47.048288Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-319",
                    "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-27T20:32:54.115Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) send password-change requests via cleartext HTTP."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-19T19:15:13.474Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://seclists.org/fulldisclosure/2023/Nov/0"
            },
            {
              "url": "http://packetstormsecurity.com/files/175646/LOYTEC-Electronics-Insecure-Transit-Insecure-Permissions-Unauthenticated-Access.html"
            },
            {
              "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"
            },
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-46380",
        "datePublished": "2023-11-04T00:00:00.000Z",
        "dateReserved": "2023-10-23T00:00:00.000Z",
        "dateUpdated": "2025-11-04T19:25:35.144Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-46389 (GCVE-0-2023-46389)

    Vulnerability from cvelistv5 – Published: 2023-11-30 00:00 – Updated: 2024-09-20 16:48
    VLAI
    Summary
    LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Incorrect Access Control via registry.xml file. This vulnerability allows remote attackers to disclose sensitive information on LINX configuration.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:45:41.876Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20231127 [CVE-2023-46386, CVE-2023-46387, CVE-2023-46388, CVE-2023-46389] Multiple vulnerabilities in Loytec products (3)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2023/Nov/7"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Incorrect Access Control via registry.xml file. This vulnerability allows remote attackers to disclose sensitive information on LINX configuration."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-20T16:48:00.947Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20231127 [CVE-2023-46386, CVE-2023-46387, CVE-2023-46388, CVE-2023-46389] Multiple vulnerabilities in Loytec products (3)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2023/Nov/7"
            },
            {
              "url": "http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html"
            },
            {
              "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"
            },
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-46389",
        "datePublished": "2023-11-30T00:00:00.000Z",
        "dateReserved": "2023-10-23T00:00:00.000Z",
        "dateUpdated": "2024-09-20T16:48:00.947Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-46387 (GCVE-0-2023-46387)

    Vulnerability from cvelistv5 – Published: 2023-11-30 00:00 – Updated: 2024-11-26 19:22
    VLAI
    Summary
    LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Incorrect Access Control via dpal_config.zml file. This vulnerability allows remote attackers to disclose sensitive information on Loytec device data point configuration.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:45:41.904Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20231127 [CVE-2023-46386, CVE-2023-46387, CVE-2023-46388, CVE-2023-46389] Multiple vulnerabilities in Loytec products (3)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2023/Nov/7"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-46387",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-26T19:21:17.840088Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T19:22:17.670Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Incorrect Access Control via dpal_config.zml file. This vulnerability allows remote attackers to disclose sensitive information on Loytec device data point configuration."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-20T16:45:11.769Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20231127 [CVE-2023-46386, CVE-2023-46387, CVE-2023-46388, CVE-2023-46389] Multiple vulnerabilities in Loytec products (3)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2023/Nov/7"
            },
            {
              "url": "http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html"
            },
            {
              "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"
            },
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-46387",
        "datePublished": "2023-11-30T00:00:00.000Z",
        "dateReserved": "2023-10-23T00:00:00.000Z",
        "dateUpdated": "2024-11-26T19:22:17.670Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-46388 (GCVE-0-2023-46388)

    Vulnerability from cvelistv5 – Published: 2023-11-30 00:00 – Updated: 2024-09-20 16:46
    VLAI
    Summary
    LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Permissions via dpal_config.zml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:45:41.260Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20231127 [CVE-2023-46386, CVE-2023-46387, CVE-2023-46388, CVE-2023-46389] Multiple vulnerabilities in Loytec products (3)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2023/Nov/7"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Permissions via dpal_config.zml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-20T16:46:38.362Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20231127 [CVE-2023-46386, CVE-2023-46387, CVE-2023-46388, CVE-2023-46389] Multiple vulnerabilities in Loytec products (3)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2023/Nov/7"
            },
            {
              "url": "http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html"
            },
            {
              "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"
            },
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-46388",
        "datePublished": "2023-11-30T00:00:00.000Z",
        "dateReserved": "2023-10-23T00:00:00.000Z",
        "dateUpdated": "2024-09-20T16:46:38.362Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-46386 (GCVE-0-2023-46386)

    Vulnerability from cvelistv5 – Published: 2023-11-30 00:00 – Updated: 2024-09-20 16:43
    VLAI
    Summary
    LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Permissions via registry.xml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:45:41.254Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20231127 [CVE-2023-46386, CVE-2023-46387, CVE-2023-46388, CVE-2023-46389] Multiple vulnerabilities in Loytec products (3)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2023/Nov/7"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Permissions via registry.xml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-20T16:43:34.463Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20231127 [CVE-2023-46386, CVE-2023-46387, CVE-2023-46388, CVE-2023-46389] Multiple vulnerabilities in Loytec products (3)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2023/Nov/7"
            },
            {
              "url": "http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html"
            },
            {
              "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"
            },
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-46386",
        "datePublished": "2023-11-30T00:00:00.000Z",
        "dateReserved": "2023-10-23T00:00:00.000Z",
        "dateUpdated": "2024-09-20T16:43:34.463Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-46381 (GCVE-0-2023-46381)

    Vulnerability from cvelistv5 – Published: 2023-11-04 00:00 – Updated: 2025-11-04 19:25
    VLAI
    Summary
    LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T19:25:36.230Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://seclists.org/fulldisclosure/2023/Nov/0"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/175646/LOYTEC-Electronics-Insecure-Transit-Insecure-Permissions-Unauthenticated-Access.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2023/Nov/0"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-46381",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-26T21:31:03.532906Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-27T20:32:54.237Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-19T19:45:45.203Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://seclists.org/fulldisclosure/2023/Nov/0"
            },
            {
              "url": "http://packetstormsecurity.com/files/175646/LOYTEC-Electronics-Insecure-Transit-Insecure-Permissions-Unauthenticated-Access.html"
            },
            {
              "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"
            },
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-46381",
        "datePublished": "2023-11-04T00:00:00.000Z",
        "dateReserved": "2023-10-23T00:00:00.000Z",
        "dateUpdated": "2025-11-04T19:25:36.230Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-46382 (GCVE-0-2023-46382)

    Vulnerability from cvelistv5 – Published: 2023-11-04 00:00 – Updated: 2025-11-04 19:25
    VLAI
    Summary
    LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) use cleartext HTTP for login.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T19:25:37.303Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://seclists.org/fulldisclosure/2023/Nov/0"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/175646/LOYTEC-Electronics-Insecure-Transit-Insecure-Permissions-Unauthenticated-Access.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2023/Nov/0"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) use cleartext HTTP for login."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-19T19:27:40.674Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://seclists.org/fulldisclosure/2023/Nov/0"
            },
            {
              "url": "http://packetstormsecurity.com/files/175646/LOYTEC-Electronics-Insecure-Transit-Insecure-Permissions-Unauthenticated-Access.html"
            },
            {
              "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"
            },
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-46382",
        "datePublished": "2023-11-04T00:00:00.000Z",
        "dateReserved": "2023-10-23T00:00:00.000Z",
        "dateUpdated": "2025-11-04T19:25:37.303Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-46380 (GCVE-0-2023-46380)

    Vulnerability from cvelistv5 – Published: 2023-11-04 00:00 – Updated: 2025-11-04 19:25
    VLAI
    Summary
    LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) send password-change requests via cleartext HTTP.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    Impacted products
    Vendor Product Version
    loytec lvis-3me12-a1 Affected: 0 , < * (custom)
        cpe:2.3:h:loytec:linx-151:-:*:*:*:*:*:*:*
        cpe:2.3:h:loytec:linx-212:-:*:*:*:*:*:*:*
        cpe:2.3:a:loytec:l-inx_configurator:*:*:*:*:*:*:*:*
        cpe:2.3:h:loytec:liob-580_v2:-:*:*:*:*:*:*:*
        cpe:2.3:h:loytec:liob-586:-:*:*:*:*:*:*:*
        cpe:2.3:h:loytec:liob-588:-:*:*:*:*:*:*:*
        cpe:2.3:h:loytec:lvis-3me12-a1:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T19:25:35.144Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://seclists.org/fulldisclosure/2023/Nov/0"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/175646/LOYTEC-Electronics-Insecure-Transit-Insecure-Permissions-Unauthenticated-Access.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2023/Nov/0"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:loytec:linx-151:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:loytec:linx-212:-:*:*:*:*:*:*:*",
                  "cpe:2.3:a:loytec:l-inx_configurator:*:*:*:*:*:*:*:*",
                  "cpe:2.3:h:loytec:liob-580_v2:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:loytec:liob-586:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:loytec:liob-588:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:loytec:lvis-3me12-a1:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "lvis-3me12-a1",
                "vendor": "loytec",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-46380",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-15T17:28:47.048288Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-319",
                    "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-27T20:32:54.115Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) send password-change requests via cleartext HTTP."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-19T19:15:13.474Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://seclists.org/fulldisclosure/2023/Nov/0"
            },
            {
              "url": "http://packetstormsecurity.com/files/175646/LOYTEC-Electronics-Insecure-Transit-Insecure-Permissions-Unauthenticated-Access.html"
            },
            {
              "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"
            },
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-46380",
        "datePublished": "2023-11-04T00:00:00.000Z",
        "dateReserved": "2023-10-23T00:00:00.000Z",
        "dateUpdated": "2025-11-04T19:25:35.144Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }