Vulnerability Description
LOYTEC electronics GmbH LINX Configurator (all versions) is vulnerable to Insecure Permissions. Cleartext storage of credentials allows remote attackers to disclose admin password and bypass an authentication to login Loytec device.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Loytec | L-Inx Configurator | 7.4.10 |
Related Weaknesses (CWE)
References
- https://packetstormsecurity.com/files/175951/Loytec-LINX-Configurator-7.4.10-InsThird Party AdvisoryVDB Entry
- https://seclists.org/fulldisclosure/2023/Nov/6Mailing ListThird Party Advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01
- https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-
- http://seclists.org/fulldisclosure/2023/Nov/6
- https://packetstormsecurity.com/files/175951/Loytec-LINX-Configurator-7.4.10-InsThird Party AdvisoryVDB Entry
- https://seclists.org/fulldisclosure/2023/Nov/6Mailing ListThird Party Advisory
- https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-
FAQ
What is CVE-2023-46384?
CVE-2023-46384 is a vulnerability with a CVSS score of 7.5 (HIGH). LOYTEC electronics GmbH LINX Configurator (all versions) is vulnerable to Insecure Permissions. Cleartext storage of credentials allows remote attackers to disclose admin password and bypass an authen...
How severe is CVE-2023-46384?
CVE-2023-46384 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-46384?
Check the references section above for vendor advisories and patch information. Affected products include: Loytec L-Inx Configurator.