CVE-2023-46386

LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Permissions via registry.xml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:loytec:linx-212_firmware:6.2.4:*:*:*:*:*:*:*
cpe:2.3:h:loytec:linx-212:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:loytec:linx-151_firmware:7.2.4:*:*:*:*:*:*:*
cpe:2.3:h:loytec:linx-151:-:*:*:*:*:*:*:*

History

20 Sep 2024, 17:15

Type Values Removed Values Added
References
  • () https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01 -
Summary (en) LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 firmware 7.2.4 are vulnerable to Insecure Permissions via registry.xml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication. (en) LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Permissions via registry.xml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication.

14 Dec 2023, 08:15

Type Values Removed Values Added
References
  • () https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/ -

06 Dec 2023, 18:42

Type Values Removed Values Added
CPE cpe:2.3:h:loytec:linx-212:-:*:*:*:*:*:*:*
cpe:2.3:o:loytec:linx-212_firmware:6.2.4:*:*:*:*:*:*:*
cpe:2.3:o:loytec:linx-151_firmware:7.2.4:*:*:*:*:*:*:*
cpe:2.3:h:loytec:linx-151:-:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
First Time Loytec linx-151 Firmware
Loytec linx-212
Loytec
Loytec linx-212 Firmware
Loytec linx-151
CWE CWE-312
References () http://seclists.org/fulldisclosure/2023/Nov/7 - () http://seclists.org/fulldisclosure/2023/Nov/7 - Mailing List, Third Party Advisory
References () http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html - () http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html - Third Party Advisory, VDB Entry

30 Nov 2023, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-11-30 23:15

Updated : 2024-09-20 17:15


NVD link : CVE-2023-46386

Mitre link : CVE-2023-46386

CVE.ORG link : CVE-2023-46386


JSON object : View

Products Affected

loytec

  • linx-212_firmware
  • linx-212
  • linx-151_firmware
  • linx-151
CWE
CWE-312

Cleartext Storage of Sensitive Information