CVE-2023-46384

high

Description

LOYTEC electronics GmbH LINX Configurator (all versions) is vulnerable to Insecure Permissions. Cleartext storage of credentials allows remote attackers to disclose admin password and bypass an authentication to login Loytec device.

References

https://seclists.org/fulldisclosure/2023/Nov/6

https://packetstormsecurity.com/files/175951/Loytec-LINX-Configurator-7.4.10-Insecure-Transit-Cleartext-Secrets.html

https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01

https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/

Details

Source: Mitre, NVD

Published: 2023-11-30

Updated: 2024-09-20

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N