LOYTEC electronics GmbH LINX Configurator 7.4.10 is vulnerable to Insecure Permissions. Cleartext storage of credentials allows remote attackers to disclose admin password and bypass an authentication to login Loytec device.
References
Link | Resource |
---|---|
https://packetstormsecurity.com/files/175951/Loytec-LINX-Configurator-7.4.10-Insecure-Transit-Cleartext-Secrets.html | Third Party Advisory VDB Entry |
https://seclists.org/fulldisclosure/2023/Nov/6 | Mailing List Third Party Advisory |
https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/ |
Configurations
History
14 Dec 2023, 08:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
06 Dec 2023, 18:47
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-312 | |
First Time |
Loytec
Loytec l-inx Configurator |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
References | () https://seclists.org/fulldisclosure/2023/Nov/6 - Mailing List, Third Party Advisory | |
References | () https://packetstormsecurity.com/files/175951/Loytec-LINX-Configurator-7.4.10-Insecure-Transit-Cleartext-Secrets.html - Third Party Advisory, VDB Entry | |
CPE | cpe:2.3:a:loytec:l-inx_configurator:7.4.10:*:*:*:*:*:*:* |
30 Nov 2023, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-30 23:15
Updated : 2023-12-14 08:15
NVD link : CVE-2023-46384
Mitre link : CVE-2023-46384
CVE.ORG link : CVE-2023-46384
JSON object : View
Products Affected
loytec
- l-inx_configurator
CWE
CWE-312
Cleartext Storage of Sensitive Information