CVE-2023-46382

Last Updated: March 29, 2024

CVE-2023-46382 — Loytec Cleartext Credential Transmission Vulnerability

CVE ID: CVE-2023-46382

Publication Date: 2023-11-03

Last Modified: 2024-03-29

Severity: High

Affected Vendor

LOYTEC electronics GmbH

Affected Products

LINX-212 firmware 6.2.4
LVIS-3ME12-A1 firmware 6.2.2
LIOB-586 firmware 6.2.3

Vulnerability Description

The web interface requires login credentials for critical functions (Data, Commission, Config), but username and password information is sent in clear text over HTTP. If anyone sniff network traffic, they could easily steal credentials.

Solutions & Rules

N/A

Credit

Chizuru Toyama of TXOne Networks

Questions About This Advisory?

Our PSIRT team is here to help with security-related inquiries.

psirt@txone.com

← Back to PSIRT