CVE-2023-46381
LOYTEC Electronics Insecure Transit / Insecure Permissions / Unauthenticated Access
Descriptions
LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI.
LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI.
Products from LOYTEC electronics such as Loytec LWEB-802, L-INX Automation Servers, L-IOB I/O Controllers, and L-VIS Touch Panels suffer from improper access control and insecure transit vulnerabilities.
Timeline
- 2023-10-23 CVE Reserved
- 2023-11-04 CVE Published
- 2024-09-19 CVE Updated
- 2024-10-04 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-306: Missing Authentication for Critical Function
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Loytec | Linx-212 Firmware | 6.2.4 | - | Affected | in | Loytec | Linx-212 | - | - | Safe |
Loytec | Lvis-3me12-a1 Firmware | 6.2.2 | - | Affected | in | Loytec | Lvis-3me12-a1 | - | - | Safe |
Loytec | Liob-586 Firmware | 6.2.3 | - | Affected | in | Loytec | Liob-586 | - | - | Safe |