PatchSiren cyber security CVE debrief
CVE-2025-59780 General Industrial Controls CVE debrief
CVE-2025-59780 affects General Industrial Controls Lynx+ Gateway. According to CISA’s advisory, the embedded web server lacks critical authentication, allowing unauthenticated GET requests to retrieve sensitive device information. The advisory was published on 2025-11-13 and assigns CVSS 3.1 7.5 (HIGH), reflecting a network-reachable confidentiality issue with no privileges or user interaction required.
- Vendor: General Industrial Controls
- Product: Lynx+ Gateway
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-11-13
- Original CVE updated: 2025-11-13
- Advisory published: 2025-11-13
- Advisory updated: 2025-11-13
Who should care
OT/ICS operators, plant engineers, asset owners, and defenders responsible for General Industrial Controls Lynx+ Gateway devices—especially any deployment where the embedded web server is reachable from broader plant, enterprise, or remote-access networks.
Technical summary
CISA’s CSAF entry describes a missing-authentication flaw in the Lynx+ Gateway embedded web server. The issue is network-based, requires no privileges and no user interaction, and is described as enabling GET requests that expose sensitive device information. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, which indicates a confidentiality impact only.
Defensive priority
High. This is a remotely reachable, unauthenticated information disclosure issue in an industrial control product. Even without evidence of active exploitation in the supplied sources, exposed management interfaces should be treated as urgent hardening targets.
Recommended defensive actions
- Inventory all General Industrial Controls Lynx+ Gateway deployments and identify where the embedded web server is reachable.
- Restrict management access with OT network segmentation, ACLs, allowlists, VPNs, and jump hosts.
- Remove direct exposure of the web interface to untrusted or broad network zones whenever possible.
- Contact GIC at [email protected] for vendor guidance and update availability, and monitor the CISA advisory for revisions.
- Apply CISA ICS recommended practices and defense-in-depth guidance for industrial environments, including monitoring for unexpected web access to device management endpoints.
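One way to implement the monitoring action above, as an added example that is not taken from the CISA advisory or from GIC: a log check that flags web requests reaching a gateway's management address from outside the allowed jump-host range, and gives priority to successful GETs because they match the disclosure condition the advisory describes. The gateway addresses, jump-host subnet, log layout and sample lines are all assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed inventory and policy; every address here is constructed.
GATEWAYS = {"10.20.5.11", "10.20.5.12"}                   # Lynx+ Gateway management IPs
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.9.0/28")]  # jump-host subnet

# Constructed log, "ts src dst method path status"; paths are placeholders.
SAMPLE_LOG = """\
2025-11-14T08:01:02Z 10.20.9.4 10.20.5.11 GET /page1 200
2025-11-14T08:03:10Z 10.50.1.77 10.20.5.11 GET /page1 200
2025-11-14T08:03:11Z 10.50.1.77 10.20.5.11 GET /page2 200
2025-11-14T08:04:00Z 10.50.1.77 10.20.5.12 POST /page3 403
2025-11-14T08:05:00Z 10.50.1.77 10.30.0.5 GET / 200
corrupted entry
2025-11-14T08:06:00Z 10.20.9.20 10.20.5.12 GET /page1 200
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) ([A-Z]+) (\S+) (\d{3})$")

def find_unexpected_access(log_text):
    """Return requests that reached a gateway from outside the allowlist."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # skip malformed lines instead of aborting the run
        ts, src, dst, method, path, status = match.groups()
        if dst not in GATEWAYS:
            continue  # traffic to hosts outside the gateway inventory
        try:
            src_ip = ipaddress.ip_address(src)
        except ValueError:
            continue  # source field is not an IP address
        if any(src_ip in net for net in ALLOWED_SOURCES):
            continue  # expected management traffic from a jump host
        # A successful GET matches the disclosure condition in the advisory.
        served = method == "GET" and status.startswith("2")
        findings.append({"line": lineno, "time": ts, "src": src, "dst": dst,
                         "priority": "high" if served else "review"})
    return findings

def by_source(findings):
    """Count findings per source address for triage."""
    return dict(Counter(f["src"] for f in findings))

if __name__ == "__main__":
    print(find_unexpected_access(SAMPLE_LOG))
```

In practice the log text would come from a web proxy, firewall or flow collector in front of the OT segment, with the parsing pattern adjusted to that product's format.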
Evidence notes
Primary evidence comes from the CISA CSAF advisory ICSA-25-317-08 (published 2025-11-13), which states the product is missing critical authentication in the embedded web server and that attackers could use GET requests to obtain sensitive device information. The advisory lists CVSS 3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (7.5) and notes that GIC did not respond to CISA’s coordination attempts.
Official resources
- CVE-2025-59780 CVE record (CVE.org)
- CVE-2025-59780 NVD detail (NVD)
- Source item URL (cisa_csaf)
Initial CISA publication on 2025-11-13 as ICSA-25-317-08. The supplied source states General Industrial Controls did not respond to CISA’s coordination attempts.