
CVE-2023-46382
Last Updated: November 3, 2023
Loytec L-INX Automation Servers, L-IOB I/O Controllers, L-VIS Touch Panels Cleartext Transmission of Sensitive Information Vulnerability
| CVE ID | CVE-2023-46382 |
|---|---|
| Severity | High |
| Affected Vendors | LOYTEC electronics GmbH |
| Affected Products | LINX-212 firmware 6.2.4, LVIS-3ME12-A1 firmware 6.2.2, LIOB-586 firmware 6.2.3 |
| Vulnerability Details | Authentication is missing on the web user interface for the preinstalled version of LWEB-802. If there is a project on a device, an unauthenticated user could create a new project on a web and access/control a grThe web user interface on Loytec devices requires login credentials for critical information (Data, Commission, Config, etc…); however, username and password information is sent in clear text over HTTP. If anyone sniff network traffic, they could easily steal credentials. |
| Solutions & Rules | N/A |
| Credit | Chizuru Toyama of TXOne Networks |
Questions About This Advisory?
Our PSIRT team is here to help with security-related inquiries.
security@txone.com