TXOne Networks
Hero background

CVE-2023-46382

Last Updated: November 3, 2023

Loytec L-INX Automation Servers, L-IOB I/O Controllers, L-VIS Touch Panels Cleartext Transmission of Sensitive Information Vulnerability

CVE IDCVE-2023-46382
SeverityHigh
Affected VendorsLOYTEC electronics GmbH
Affected ProductsLINX-212 firmware 6.2.4, LVIS-3ME12-A1 firmware 6.2.2, LIOB-586 firmware 6.2.3
Vulnerability DetailsAuthentication is missing on the web user interface for the preinstalled version of LWEB-802. If there is a project on a device, an unauthenticated user could create a new project on a web and access/control a grThe web user interface on Loytec devices requires login credentials for critical information (Data, Commission, Config, etc…); however, username and password information is sent in clear text over HTTP. If anyone sniff network traffic, they could easily steal credentials.
Solutions & RulesN/A
CreditChizuru Toyama of TXOne Networks

Questions About This Advisory?

Our PSIRT team is here to help with security-related inquiries.

security@txone.com