CVE-2023-46388 – Loytec L-INX Automation Servers Information Disclosure / Cleartext Secrets
https://notcve.org/view.php?id=CVE-2023-46388
LOYTEC electronics GmbH LINX-212 6.2.4 and LINX-151 7.2.4 are vulnerable to Insecure Permissions via the dpal_config.zml file. This vulnerability allows remote attackers to disclose SMTP client account credentials and bypass email authentication. LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Permissions via the dpal_config.zml file.
• http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html
• http://seclists.org/fulldisclosure/2023/Nov/7
• https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks
• https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01
• CWE-312: Cleartext Storage of Sensitive Information
CVE-2023-46386 – Loytec L-INX Automation Servers Information Disclosure / Cleartext Secrets
https://notcve.org/view.php?id=CVE-2023-46386
LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 firmware 7.2.4 are vulnerable to Insecure Permissions via the registry.xml file. This vulnerability allows remote attackers to disclose SMTP client account credentials and bypass email authentication. LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Permissions via the registry.xml file.
• http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html
• http://seclists.org/fulldisclosure/2023/Nov/7
• https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks
• https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01
• CWE-312: Cleartext Storage of Sensitive Information
CVE-2023-46387 – Loytec L-INX Automation Servers Information Disclosure / Cleartext Secrets
https://notcve.org/view.php?id=CVE-2023-46387
LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 firmware 7.2.4 are vulnerable to Incorrect Access Control via the dpal_config.zml file. This vulnerability allows remote attackers to disclose sensitive information on Loytec device data point configuration. LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Incorrect Access Control via the dpal_config.zml file.
• http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html
• http://seclists.org/fulldisclosure/2023/Nov/7
• https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks
• https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01
CVE-2023-46389 – Loytec L-INX Automation Servers Information Disclosure / Cleartext Secrets
https://notcve.org/view.php?id=CVE-2023-46389
LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 firmware 7.2.4 are vulnerable to Incorrect Access Control via the registry.xml file. This vulnerability allows remote attackers to disclose sensitive information on LINX configuration. LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Incorrect Access Control via the registry.xml file.
• http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html
• http://seclists.org/fulldisclosure/2023/Nov/7
• https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks
• https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01
CVE-2023-46385 – Loytec LINX Configurator 7.4.10 Insecure Transit / Cleartext Secrets
https://notcve.org/view.php?id=CVE-2023-46385
LOYTEC electronics GmbH LINX Configurator 7.4.10 is vulnerable to Insecure Permissions. An admin credential is passed as a value of URL parameters without encryption, which allows remote attackers to steal the password and gain full control of Loytec device configuration. LOYTEC electronics GmbH LINX Configurator (all versions) is vulnerable to Insecure Permissions.
• https://packetstormsecurity.com/files/175951/Loytec-LINX-Configurator-7.4.10-Insecure-Transit-Cleartext-Secrets.html
• https://seclists.org/fulldisclosure/2023/Nov/6
• https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks
• https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01
• CWE-319: Cleartext Transmission of Sensitive Information