PSIRT Advisories
The following is a list of advisories for issues reported or coordinated by the TXOne Networks Product Security Incident Response Team (PSIRT). For details of how to coordinate with PSIRT, please see our Vulnerability Disclosure Policy.
| CVE ID | Affected Vendors | Affected Products | Updated | Severity | Credit |
| CVE-2025-14252 | Advantech | Advantech SUSI 5.0.24335 and prior | 2025-12-16 | High | Jason Huang of TXOne Networks |
| Advantech SUSI Driver Improper Access Control Vulnerability | |||||
| CVE-2024-47935 | TXOne Networks | StellarProtect (Legacy Mode) before V3.2 StellarEnforce before V3.2 Safe Lock from 3.0.0 before 3.1.1076 *Note: StellarProtect (Legacy Mode) is the new name for StellarEnforce, they are the same product |
2025-02-17 | Medium | Sahil Shah, Shaurya, and Ramya Shah of National Forensic Sciences University |
| TXOne Networks StellarProtect (Legacy Mode), StellarEnforce, and Safe Lock Improper Validation of Integrity Check Value Vulnerability | |||||
| CVE-2024-47934 | TXOne Networks | TXOne Networks Portable Inspector (Pro Edition) through V1.0.0 | 2025-01-08 | Medium | Thomas Riedmaier of Siemens Energy |
| TXOne Networks Portable Inspector Management Program Improper Input Validation Vulnerability | |||||
| CVE-2023-46383 | LOYTEC electronics GmbH | LINX Configurator 7.4.10 | 2023-11-27 | High | Chizuru Toyama of TXOne Networks |
| Loytec LINX Configurator Cleartext Transmission of Sensitive Information Vulnerability | |||||
| CVE-2023-46384 | LOYTEC electronics GmbH | LINX Configurator 7.4.10 | 2023-11-27 | High | Chizuru Toyama of TXOne Networks |
| Loytec LINX Configurator Use of Hard-coded Password Authentication Bypass Vulnerability | |||||
| CVE-2023-46385 | LOYTEC electronics GmbH | LINX Configurator 7.4.10 | 2023-11-27 | High | Chizuru Toyama of TXOne Networks |
| Loytec LINX Configurator Cleartext Transmission of Sensitive Information Vulnerability | |||||
| CVE-2023-46386 | LOYTEC electronics GmbH | LINX-151, Firmware 7.2.4, LINX-212, firmware 6.2.4 | 2023-11-27 | High | Chizuru Toyama of TXOne Networks |
| Loytec Use of Hard-coded Password Authentication Bypass Vulnerability | |||||
| CVE-2023-46387 | LOYTEC electronics GmbH | LINX-151, Firmware 7.2.4, LINX-212, firmware 6.2.4 | 2023-11-27 | High | Chizuru Toyama of TXOne Networks |
| Loytec Improper Access Control Information Disclosure Vulnerability | |||||
| CVE-2023-46388 | LOYTEC electronics GmbH | LINX-151, Firmware 7.2.4, LINX-212, firmware 6.2.4 | 2023-11-27 | High | Chizuru Toyama of TXOne Networks |
| Loytec Use of Hard-coded Password Authentication Bypass Vulnerability | |||||
| CVE-2023-46389 | LOYTEC electronics GmbH | LINX-151, Firmware 7.2.4, LINX-212, firmware 6.2.4 | 2023-11-27 | High | Chizuru Toyama of TXOne Networks |
| Loytec Improper Access Control Information Disclosure Vulnerability | |||||
| CVE-2023-46380 | LOYTEC electronics GmbH | LINX-212 firmware 6.2.4, LVIS-3ME12-A1 firmware 6.2.2, LIOB-586 firmware 6.2.3 | 2023-11-03 | High | Chizuru Toyama of TXOne Networks |
| Loytec L-INX Automation Servers, L-IOB I/O Controllers, L-VIS Touch Panels Cleartext Transmission of Sensitive Information Vulnerability | |||||
| CVE-2023-46381 | LOYTEC electronics GmbH | LINX-212 firmware 6.2.4, LVIS-3ME12-A1 firmware 6.2.2, LIOB-586 firmware 6.2.3 | 2023-11-03 | High | Chizuru Toyama of TXOne Networks |
| Loytec LWEB-802 Mising Authentication Vulnerability | |||||
| CVE-2023-46382 | LOYTEC electronics GmbH | LINX-212 firmware 6.2.4, LVIS-3ME12-A1 firmware 6.2.2, LIOB-586 firmware 6.2.3 | 2023-11-03 | High | Chizuru Toyama of TXOne Networks |
| Loytec L-INX Automation Servers, L-IOB I/O Controllers, L-VIS Touch Panels Cleartext Transmission of Sensitive Information Vulnerability | |||||
| CVE-2023-38584 | Weintek | cMT-FHD: OS version 20210210 or prior, cMT-HDM: OS version 20210204 or prior, cMT3071: OS version 20210218 or prior, cMT3072: OS version 20210218 or prior, cMT3103: OS version 20210218 or prior, cMT3090: OS version 20210218 or prior, cMT3151: OS version 20210218 or prior | 2023-10-12 | Critical | Hank Chen of TXOne Networks |
| Weintek cMT3000 HMI Web CGI Stack-based Buffer Overflow Vulnerability | |||||
| CVE-2023-40145 | Weintek | cMT-FHD: OS version 20210210 or prior, cMT-HDM: OS version 20210204 or prior, cMT3071: OS version 20210218 or prior, cMT3072: OS version 20210218 or prior, cMT3103: OS version 20210218 or prior, cMT3090: OS version 20210218 or prior, cMT3151: OS version 20210218 or prior | 2023-10-12 | High | Hank Chen of TXOne Networks |
| Weintek cMT3000 HMI Web CGI OS Command Injection Vulnerability | |||||
| CVE-2023-43492 | Weintek | cMT-FHD: OS version 20210210 or prior, cMT-HDM: OS version 20210204 or prior, cMT3071: OS version 20210218 or prior, cMT3072: OS version 20210218 or prior, cMT3103: OS version 20210218 or prior, cMT3090: OS version 20210218 or prior, cMT3151: OS version 20210218 or prior | 2023-10-12 | Critical | Hank Chen of TXOne Networks |
| Weintek cMT3000 HMI Web CGI Stack-based Buffer Overflow Vulnerability | |||||
| CVE-2023-35134 | Weintek | Weincloud Account API: Versions 0.13.6 and prior | 2023-07-18 | High | Hank Chen of TXOne Networks |
| Weintek Weincloud Weak Password Recovery Mechanism for Forgotten Password Vulnerability | |||||
| CVE-2023-37362 | Weintek | Weincloud Account API: Versions 0.13.6 and prior | 2023-07-18 | High | Hank Chen of TXOne Networks |
| Weintek Weincloud Improper Authentication Vulnerability | |||||
| CVE-2023-32657 | Weintek | Weincloud Account API: Versions 0.13.6 and prior | 2023-07-18 | Medium | Hank Chen of TXOne Networks |
| Weintek Weincloud Improper Restriction of Excessive Authentication Attempts Vulnerability | |||||
| CVE-2023-34429 | Weintek | Weincloud Account API: Versions 0.13.6 and prior | 2023-07-18 | High | Hank Chen of TXOne Networks |
| Weintek Weincloud Improper Handling of Structural Elements Vulnerability | |||||
| CVE-2023-1864 | FANUC | ROBOGUIDE-HandlingPRO Versions 9 Rev.ZD and prior | 2023-04-11 | Medium | Yenting Lee of TXOne Networks |
| FANUC ROBOGUIDE-HandlingPRO Path Traversal Vulnerability | |||||
| CVE-2023-25069 | TXOne Networks | Stellar before V2.0.1160 | 2023-03-17 | High | Elias Martinez of MD Anderson Cancer Center |
| Trend Micro TXOne StellarOne Improper Access Control Privilege Escalation Vulnerability | |||||
| CVE-2023-0104 | Weintek | EasyBuilder Pro v6.07.01 and prior, EasyBuilder Pro v6.07.02.479 and prior, EasyBuilder Pro v6.08.01.349 and prior | 2023-02-14 | Critical | Hank Chen and Mars Cheng of TXOne Networks |
| Weintek EasyBuilder Pro cMT Series ZipSlip Vulnerability | |||||
| CVE-2022-3089 | EnOcean Edge Inc. | EnOcean SmartServer: v2.2 SR8/SP8 (4.12.006) with i.LON Vision v2.2 SR8/SP8 (4.12.006) | 2023-02-13 | Medium | Chizuru Toyama of TXOne Networks |
| Echelon SmartServer 2.2 with i.LON Vision 2.2 Use of Hard-coded Credentials Vulnerability | |||||