7 results (0.005 seconds)

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

LOYTEC electronics GmbH LINX-212 6.2.4 and LINX-151 7.2.4 are vulnerable to Insecure Permissions via dpal_config.zml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication. LOYTEC electronics GmbH LINX-212 6.2.4 y LINX-151 7.2.4 son vulnerables a permisos inseguros a través del archivo dpal_config.zml. Esta vulnerabilidad permite a atacantes remotos revelar las credenciales de la cuenta del cliente SMTP y eludir la autenticación de correo electrónico. LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Permissions via dpal_config.zml file. • http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html http://seclists.org/fulldisclosure/2023/Nov/7 https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01 • CWE-312: Cleartext Storage of Sensitive Information •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 firmware 7.2.4 are vulnerable to Insecure Permissions via registry.xml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication. LOYTEC electronics GmbH el firmware LINX-212 6.2.4 y el firmware LINX-151 7.2.4 son vulnerables a permisos inseguros a través del archivo registry.xml. Esta vulnerabilidad permite a atacantes remotos revelar las credenciales de la cuenta del cliente SMTP y eludir la autenticación de correo electrónico. LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Permissions via registry.xml file. • http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html http://seclists.org/fulldisclosure/2023/Nov/7 https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01 • CWE-312: Cleartext Storage of Sensitive Information •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 firmware 7.2.4 are vulnerable to Incorrect Access Control via dpal_config.zml file. This vulnerability allows remote attackers to disclose sensitive information on Loytec device data point configuration. LOYTEC electronics GmbH el firmware LINX-212 6.2.4 y el firmware LINX-151 7.2.4 son vulnerables a un control de acceso incorrecto a través del archivo dpal_config.zml. Esta vulnerabilidad permite a atacantes remotos revelar información confidencial sobre la configuración de puntos de datos del dispositivo Loytec. LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Incorrect Access Control via dpal_config.zml file. • http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html http://seclists.org/fulldisclosure/2023/Nov/7 https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01 •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 Firmware 7.2.4 are vulnerable to Incorrect Access Control via registry.xml file. This vulnerability allows remote attackers to disclose sensitive information on LINX configuration. El firmware LINX-212 6.2.4 de LOYTEC electronics GmbH y el firmware LINX-151 7.2.4 son vulnerables a un control de acceso incorrecto a través del archivo registry.xml. Esta vulnerabilidad permite a atacantes remotos revelar información confidencial sobre la configuración de LINX. LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Incorrect Access Control via registry.xml file. • http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html http://seclists.org/fulldisclosure/2023/Nov/7 https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01 •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices send password-change requests via cleartext HTTP. Los dispositivos LOYTEC LINX-212 firmware 6.2.4 y LVIS-3ME12-A1 firmware 6.2.2 y LIOB-586 firmware 6.2.3 envían solicitudes de cambio de contraseña a través de HTTP de texto plano. LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) send password-change requests via cleartext HTTP. Products from LOYTEC electronics such as Loytec LWEB-802, L-INX Automation Servers, L-IOB I/O Controllers, and L-VIS Touch Panels suffer from improper access control and insecure transit vulnerabilities. • http://packetstormsecurity.com/files/175646/LOYTEC-Electronics-Insecure-Transit-Insecure-Permissions-Unauthenticated-Access.html https://seclists.org/fulldisclosure/2023/Nov/0 https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01 • CWE-319: Cleartext Transmission of Sensitive Information •