CVE-2023-46382
LOYTEC Electronics Insecure Transit / Insecure Permissions / Unauthenticated Access
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices use cleartext HTTP for login.
Los dispositivos LOYTEC LINX-212 firmware 6.2.4 y LVIS-3ME12-A1 firmware 6.2.2 y LIOB-586 firmware 6.2.3 utilizan HTTP de texto plano para iniciar sesiĆ³n.
LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) use cleartext HTTP for login.
Products from LOYTEC electronics such as Loytec LWEB-802, L-INX Automation Servers, L-IOB I/O Controllers, and L-VIS Touch Panels suffer from improper access control and insecure transit vulnerabilities.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-10-23 CVE Reserved
- 2023-11-04 CVE Published
- 2024-09-19 CVE Updated
- 2024-10-04 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-319: Cleartext Transmission of Sensitive Information
CAPEC
References (4)
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Loytec Search vendor "Loytec" | Linx-212 Firmware Search vendor "Loytec" for product "Linx-212 Firmware" | 6.2.4 Search vendor "Loytec" for product "Linx-212 Firmware" and version "6.2.4" | - |
Affected
| in | Loytec Search vendor "Loytec" | Linx-212 Search vendor "Loytec" for product "Linx-212" | - | - |
Safe
|
Loytec Search vendor "Loytec" | Lvis-3me12-a1 Firmware Search vendor "Loytec" for product "Lvis-3me12-a1 Firmware" | 6.2.2 Search vendor "Loytec" for product "Lvis-3me12-a1 Firmware" and version "6.2.2" | - |
Affected
| in | Loytec Search vendor "Loytec" | Lvis-3me12-a1 Search vendor "Loytec" for product "Lvis-3me12-a1" | - | - |
Safe
|
Loytec Search vendor "Loytec" | Liob-586 Firmware Search vendor "Loytec" for product "Liob-586 Firmware" | 6.2.3 Search vendor "Loytec" for product "Liob-586 Firmware" and version "6.2.3" | - |
Affected
| in | Loytec Search vendor "Loytec" | Liob-586 Search vendor "Loytec" for product "Liob-586" | - | - |
Safe
|