PSIRT Advisories
The following is a list of advisories for issues reported or coordinated by the TXOne Networks Product Security Incident Response Team (PSIRT). For details of how to coordinate with PSIRT, please see our Vulnerability Disclosure Policy.
| CVE ID | Affected Vendors | Affected Products | Updated | Severity | Credit |
| CVE-2026-4483 | Moxa | MxGeneralIo Windows 7 version before v1.4.0, MxGeneralIo Windows 10 version before v1.5.0, MxGeneralIo Windows 11 version before v1.5.0 | 2026-04-08 | High | Jason Huang from Cyber Threat & Product Defense Center of TXOne Networks Inc. |
| Moxa MxGeneralIo exposes IOCTL with an insufficient access control vulnerability | |||||
| CVE-2026-3437 | Portwell | Portwell Engineering Toolkits version 4.8.2 and prior | 2026-03-04 | High | Jason Huang from Cyber Threat & Product Defense Center of TXOne Networks Inc. |
| Portwell Engineering Toolkits Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability | |||||
| CVE-2025-14252 | Advantech | Advantech SUSI 5.0.24335 and prior | 2025-12-16 | High | Jason Huang of TXOne Networks Inc. |
| Advantech SUSI Driver Improper Access Control Vulnerability | |||||
| CVE-2024-47935 | TXOne Networks Inc. | StellarProtect (Legacy Mode) before V3.2 StellarEnforce before V3.2 Safe Lock from 3.0.0 before 3.1.1076 *Note: StellarProtect (Legacy Mode) is the new name for StellarEnforce, they are the same product |
2025-02-17 | Medium | Sahil Shah, Shaurya, and Ramya Shah of National Forensic Sciences University |
| TXOne Networks StellarProtect (Legacy Mode), StellarEnforce, and Safe Lock Improper Validation of Integrity Check Value Vulnerability | |||||
| CVE-2024-47934 | TXOne Networks Inc. | TXOne Networks Portable Inspector (Pro Edition) through V1.0.0 | 2025-01-08 | Medium | Thomas Riedmaier of Siemens Energy |
| TXOne Networks Portable Inspector Management Program Improper Input Validation Vulnerability | |||||
| CVE-2023-46383 | LOYTEC electronics GmbH | LINX Configurator 7.4.10 | 2023-11-27 | High | Chizuru Toyama of TXOne Networks Inc. |
| Loytec LINX Configurator Cleartext Transmission of Sensitive Information Vulnerability | |||||
| CVE-2023-46384 | LOYTEC electronics GmbH | LINX Configurator 7.4.10 | 2023-11-27 | High | Chizuru Toyama of TXOne Networks Inc. |
| Loytec LINX Configurator Use of Hard-coded Password Authentication Bypass Vulnerability | |||||
| CVE-2023-46385 | LOYTEC electronics GmbH | LINX Configurator 7.4.10 | 2023-11-27 | High | Chizuru Toyama of TXOne Networks Inc. |
| Loytec LINX Configurator Cleartext Transmission of Sensitive Information Vulnerability | |||||
| CVE-2023-46386 | LOYTEC electronics GmbH | LINX-151, Firmware 7.2.4, LINX-212, firmware 6.2.4 | 2023-11-27 | High | Chizuru Toyama of TXOne Networks Inc. |
| Loytec Use of Hard-coded Password Authentication Bypass Vulnerability | |||||
| CVE-2023-46387 | LOYTEC electronics GmbH | LINX-151, Firmware 7.2.4, LINX-212, firmware 6.2.4 | 2023-11-27 | High | Chizuru Toyama of TXOne Networks Inc. |
| Loytec Improper Access Control Information Disclosure Vulnerability | |||||
| CVE-2023-46388 | LOYTEC electronics GmbH | LINX-151, Firmware 7.2.4, LINX-212, firmware 6.2.4 | 2023-11-27 | High | Chizuru Toyama of TXOne Networks Inc. |
| Loytec Use of Hard-coded Password Authentication Bypass Vulnerability | |||||
| CVE-2023-46389 | LOYTEC electronics GmbH | LINX-151, Firmware 7.2.4, LINX-212, firmware 6.2.4 | 2023-11-27 | High | Chizuru Toyama of TXOne Networks Inc. |
| Loytec Improper Access Control Information Disclosure Vulnerability | |||||
| CVE-2023-46380 | LOYTEC electronics GmbH | LINX-212 firmware 6.2.4, LVIS-3ME12-A1 firmware 6.2.2, LIOB-586 firmware 6.2.3 | 2023-11-03 | High | Chizuru Toyama of TXOne Networks Inc. |
| Loytec L-INX Automation Servers, L-IOB I/O Controllers, L-VIS Touch Panels Cleartext Transmission of Sensitive Information Vulnerability | |||||
| CVE-2023-46381 | LOYTEC electronics GmbH | LINX-212 firmware 6.2.4, LVIS-3ME12-A1 firmware 6.2.2, LIOB-586 firmware 6.2.3 | 2023-11-03 | High | Chizuru Toyama of TXOne Networks Inc. |
| Loytec LWEB-802 Mising Authentication Vulnerability | |||||
| CVE-2023-46382 | LOYTEC electronics GmbH | LINX-212 firmware 6.2.4, LVIS-3ME12-A1 firmware 6.2.2, LIOB-586 firmware 6.2.3 | 2023-11-03 | High | Chizuru Toyama of TXOne Networks Inc. |
| Loytec L-INX Automation Servers, L-IOB I/O Controllers, L-VIS Touch Panels Cleartext Transmission of Sensitive Information Vulnerability | |||||
| CVE-2023-38584 | Weintek | cMT-FHD: OS version 20210210 or prior, cMT-HDM: OS version 20210204 or prior, cMT3071: OS version 20210218 or prior, cMT3072: OS version 20210218 or prior, cMT3103: OS version 20210218 or prior, cMT3090: OS version 20210218 or prior, cMT3151: OS version 20210218 or prior | 2023-10-12 | Critical | Hank Chen of TXOne Networks Inc. |
| Weintek cMT3000 HMI Web CGI Stack-based Buffer Overflow Vulnerability | |||||
| CVE-2023-40145 | Weintek | cMT-FHD: OS version 20210210 or prior, cMT-HDM: OS version 20210204 or prior, cMT3071: OS version 20210218 or prior, cMT3072: OS version 20210218 or prior, cMT3103: OS version 20210218 or prior, cMT3090: OS version 20210218 or prior, cMT3151: OS version 20210218 or prior | 2023-10-12 | High | Hank Chen of TXOne Networks Inc. |
| Weintek cMT3000 HMI Web CGI OS Command Injection Vulnerability | |||||
| CVE-2023-43492 | Weintek | cMT-FHD: OS version 20210210 or prior, cMT-HDM: OS version 20210204 or prior, cMT3071: OS version 20210218 or prior, cMT3072: OS version 20210218 or prior, cMT3103: OS version 20210218 or prior, cMT3090: OS version 20210218 or prior, cMT3151: OS version 20210218 or prior | 2023-10-12 | Critical | Hank Chen of TXOne Networks Inc. |
| Weintek cMT3000 HMI Web CGI Stack-based Buffer Overflow Vulnerability | |||||
| CVE-2023-35134 | Weintek | Weincloud Account API: Versions 0.13.6 and prior | 2023-07-18 | High | Hank Chen of TXOne Networks Inc. |
| Weintek Weincloud Weak Password Recovery Mechanism for Forgotten Password Vulnerability | |||||
| CVE-2023-37362 | Weintek | Weincloud Account API: Versions 0.13.6 and prior | 2023-07-18 | High | Hank Chen of TXOne Networks Inc. |
| Weintek Weincloud Improper Authentication Vulnerability | |||||
| CVE-2023-32657 | Weintek | Weincloud Account API: Versions 0.13.6 and prior | 2023-07-18 | Medium | Hank Chen of TXOne Networks Inc. |
| Weintek Weincloud Improper Restriction of Excessive Authentication Attempts Vulnerability | |||||
| CVE-2023-34429 | Weintek | Weincloud Account API: Versions 0.13.6 and prior | 2023-07-18 | High | Hank Chen of TXOne Networks Inc. |
| Weintek Weincloud Improper Handling of Structural Elements Vulnerability | |||||
| CVE-2023-1864 | FANUC | ROBOGUIDE-HandlingPRO Versions 9 Rev.ZD and prior | 2023-04-11 | Medium | Yenting Lee of TXOne Networks Inc. |
| FANUC ROBOGUIDE-HandlingPRO Path Traversal Vulnerability | |||||
| CVE-2023-25069 | TXOne Networks Inc. | Stellar before V2.0.1160 | 2023-03-17 | High | Elias Martinez of MD Anderson Cancer Center |
| Trend Micro TXOne StellarOne Improper Access Control Privilege Escalation Vulnerability | |||||
| CVE-2023-0104 | Weintek | EasyBuilder Pro v6.07.01 and prior, EasyBuilder Pro v6.07.02.479 and prior, EasyBuilder Pro v6.08.01.349 and prior | 2023-02-14 | Critical | Hank Chen and Mars Cheng of TXOne Networks Inc. |
| Weintek EasyBuilder Pro cMT Series ZipSlip Vulnerability | |||||
| CVE-2022-3089 | EnOcean Edge Inc. | EnOcean SmartServer: v2.2 SR8/SP8 (4.12.006) with i.LON Vision v2.2 SR8/SP8 (4.12.006) | 2023-02-13 | Medium | Chizuru Toyama of TXOne Networks Inc. |
| Echelon SmartServer 2.2 with i.LON Vision 2.2 Use of Hard-coded Credentials Vulnerability | |||||