CVE-2023-46385 – Loytec LINX Configurator 7.4.10 Insecure Transit / Cleartext Secrets
https://notcve.org/view.php?id=CVE-2023-46385
LOYTEC electronics GmbH LINX Configurator 7.4.10 is vulnerable to Insecure Permissions. An admin credential is passed as a value of URL parameters without encryption, so it allows remote attackers to steal the password and gain full control of Loytec device configuration. LOYTEC electronics GmbH LINX Configurator 7.4.10 es vulnerable a permisos inseguros. Una credencial de administrador se pasa como un valor de los parámetros de URL sin cifrado, por lo que permite a atacantes remotos robar la contraseña y obtener control total de la configuración del dispositivo Loytec. LOYTEC electronics GmbH LINX Configurator (all versions) is vulnerable to Insecure Permissions. • https://packetstormsecurity.com/files/175951/Loytec-LINX-Configurator-7.4.10-Insecure-Transit-Cleartext-Secrets.html https://seclists.org/fulldisclosure/2023/Nov/6 https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01 • CWE-319: Cleartext Transmission of Sensitive Information •
CVE-2023-46383 – Loytec LINX Configurator 7.4.10 Insecure Transit / Cleartext Secrets
https://notcve.org/view.php?id=CVE-2023-46383
LOYTEC electronics GmbH LINX Configurator 7.4.10 uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the password and gain full control of Loytec device configuration. LOYTEC electronics GmbH LINX Configurator 7.4.10 utiliza autenticación básica HTTP, que transmite nombres de usuario y contraseñas en texto plano codificado en base64 y permite a atacantes remotos robar la contraseña y obtener control total de la configuración del dispositivo Loytec. LOYTEC electronics GmbH LINX Configurator (all versions) uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the password and gain full control of Loytec device configuration. Loytec LINX Configurator version 7.4.10 suffers from insecure transit and cleartext hardcoded secret vulnerabilities. • https://packetstormsecurity.com/files/175951/Loytec-LINX-Configurator-7.4.10-Insecure-Transit-Cleartext-Secrets.html https://seclists.org/fulldisclosure/2023/Nov/6 https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01 • CWE-319: Cleartext Transmission of Sensitive Information •
CVE-2023-46384 – Loytec LINX Configurator 7.4.10 Insecure Transit / Cleartext Secrets
https://notcve.org/view.php?id=CVE-2023-46384
LOYTEC electronics GmbH LINX Configurator 7.4.10 is vulnerable to Insecure Permissions. Cleartext storage of credentials allows remote attackers to disclose admin password and bypass an authentication to login Loytec device. LOYTEC electronics GmbH LINX Configurator 7.4.10 es vulnerable a permisos inseguros. El almacenamiento de credenciales en texto plano permite a atacantes remotos revelar la contraseña de administrador y omitir una autenticación para iniciar sesión en el dispositivo Loytec. LOYTEC electronics GmbH LINX Configurator (all versions) is vulnerable to Insecure Permissions. • https://packetstormsecurity.com/files/175951/Loytec-LINX-Configurator-7.4.10-Insecure-Transit-Cleartext-Secrets.html https://seclists.org/fulldisclosure/2023/Nov/6 https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01 • CWE-312: Cleartext Storage of Sensitive Information •