CVE-2023-46388 – Loytec L-INX Automation Servers Information Disclosure / Cleartext Secrets
https://notcve.org/view.php?id=CVE-2023-46388
LOYTEC electronics GmbH LINX-212 6.2.4 and LINX-151 7.2.4 are vulnerable to Insecure Permissions via dpal_config.zml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication. LOYTEC electronics GmbH LINX-212 6.2.4 y LINX-151 7.2.4 son vulnerables a permisos inseguros a través del archivo dpal_config.zml. Esta vulnerabilidad permite a atacantes remotos revelar las credenciales de la cuenta del cliente SMTP y eludir la autenticación de correo electrónico. LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Permissions via dpal_config.zml file. • http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html http://seclists.org/fulldisclosure/2023/Nov/7 https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01 • CWE-312: Cleartext Storage of Sensitive Information •
CVE-2023-46386 – Loytec L-INX Automation Servers Information Disclosure / Cleartext Secrets
https://notcve.org/view.php?id=CVE-2023-46386
LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 firmware 7.2.4 are vulnerable to Insecure Permissions via registry.xml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication. LOYTEC electronics GmbH el firmware LINX-212 6.2.4 y el firmware LINX-151 7.2.4 son vulnerables a permisos inseguros a través del archivo registry.xml. Esta vulnerabilidad permite a atacantes remotos revelar las credenciales de la cuenta del cliente SMTP y eludir la autenticación de correo electrónico. LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Permissions via registry.xml file. • http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html http://seclists.org/fulldisclosure/2023/Nov/7 https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01 • CWE-312: Cleartext Storage of Sensitive Information •
CVE-2023-46387 – Loytec L-INX Automation Servers Information Disclosure / Cleartext Secrets
https://notcve.org/view.php?id=CVE-2023-46387
LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 firmware 7.2.4 are vulnerable to Incorrect Access Control via dpal_config.zml file. This vulnerability allows remote attackers to disclose sensitive information on Loytec device data point configuration. LOYTEC electronics GmbH el firmware LINX-212 6.2.4 y el firmware LINX-151 7.2.4 son vulnerables a un control de acceso incorrecto a través del archivo dpal_config.zml. Esta vulnerabilidad permite a atacantes remotos revelar información confidencial sobre la configuración de puntos de datos del dispositivo Loytec. LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Incorrect Access Control via dpal_config.zml file. • http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html http://seclists.org/fulldisclosure/2023/Nov/7 https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01 •
CVE-2023-46389 – Loytec L-INX Automation Servers Information Disclosure / Cleartext Secrets
https://notcve.org/view.php?id=CVE-2023-46389
LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 Firmware 7.2.4 are vulnerable to Incorrect Access Control via registry.xml file. This vulnerability allows remote attackers to disclose sensitive information on LINX configuration. El firmware LINX-212 6.2.4 de LOYTEC electronics GmbH y el firmware LINX-151 7.2.4 son vulnerables a un control de acceso incorrecto a través del archivo registry.xml. Esta vulnerabilidad permite a atacantes remotos revelar información confidencial sobre la configuración de LINX. LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Incorrect Access Control via registry.xml file. • http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html http://seclists.org/fulldisclosure/2023/Nov/7 https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01 •