CVE-2023-46386

Loytec L-INX Automation Servers Information Disclosure / Cleartext Secrets

  • Severity Score: 7.5 (CVSS v3.1)
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)
Descriptions

LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 firmware 7.2.4 are vulnerable to Insecure Permissions via registry.xml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication.

LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 firmware 7.2.4 are vulnerable to insecure permissions via the registry.xml file. This vulnerability allows remote attackers to disclose the SMTP client account credentials and bypass email authentication.

LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Permissions via registry.xml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication.

Loytec LINX-151 with firmware version 7.2.4 and LINX-212 with firmware version 6.2.4 suffer from file disclosure vulnerabilities that leak secrets, as well as issues with storing secrets in the clear.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: None
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2023-10-23 CVE Reserved
  • 2023-11-28 CVE Published
  • 2024-09-20 CVE Updated
  • 2024-09-21 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-312: Cleartext Storage of Sensitive Information
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Loytec | Linx-212 Firmware | 6.2.4 | - | Affected
in Loytec | Linx-212 | - | - | Safe
Loytec | Linx-151 Firmware | 7.2.4 | - | Affected
in Loytec | Linx-151 | - | - | Safe