PatchSiren cyber security CVE debrief
CVE-2023-46381 LOYTEC electronics GmbH CVE debrief
CVE-2023-46381 is a HIGH severity vulnerability (CVSS 3.1: 8.2) affecting LOYTEC Electronics LINX Series building automation devices. Published September 3, 2024, this vulnerability exposes a critical authentication bypass in the preinstalled LWEB-802 web visualization component. Affected firmware versions include LINX-212 6.2.4, LVIS-3ME12-A1 6.2.2, and LIOB-586 6.2.3. The vulnerability allows unauthenticated remote attackers to access the `lweb802_pre/` URI endpoint without credentials, enabling complete project manipulation—including editing existing projects, creating new projects, and assuming full control of the graphical user interface. This represents a significant integrity and availability risk for building management systems, as attackers could alter HVAC, lighting, or access control configurations without detection. The attack vector is network-based, requires no privileges or user interaction, and can be exploited with low complexity. LOYTEC has released firmware version 8.2.8 to address this vulnerability, which hardens permissions on LWEB projects. Organizations should prioritize patching, especially for internet-exposed devices, and implement network segmentation to restrict access to LWEB-802 interfaces.
- Vendor: LOYTEC electronics GmbH
- Product: LINX-151
- CVSS: HIGH 8.2
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-09-03
- Original CVE updated: 2024-09-03
- Advisory published: 2024-09-03
- Advisory updated: 2024-09-03
Who should care
Organizations operating LOYTEC building automation systems, including facility managers, critical infrastructure operators, smart building integrators, and OT security teams responsible for HVAC, lighting, and physical access control systems.
Technical summary
The vulnerability exists in the preinstalled LWEB-802 web visualization component on LOYTEC building automation devices. The `lweb802_pre/` URI endpoint lacks authentication controls, allowing unauthenticated HTTP requests to access project management functions. Attackers can perform project creation, modification, and GUI control operations without valid credentials. The vulnerability affects firmware versions 6.2.4 (LINX-212), 6.2.2 (LVIS-3ME12-A1), and 6.2.3 (LIOB-586). Remediation in firmware 8.2.8 implements hardened permissions on LWEB projects to prevent unauthorized access.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade affected LOYTEC devices to firmware version 8.2.8 or later to remediate CVE-2023-46381
- Restrict network access to LWEB-802 interfaces using firewall rules or network segmentation
- Audit existing LWEB projects for unauthorized modifications if devices were potentially exposed
- Disable or remove the preinstalled LWEB-802 instance if not required for operations
- Monitor network traffic for unauthorized access attempts to lweb802_pre/ URI paths
- Review and harden permissions on all LWEB projects as part of post-remediation validation
- Apply CISA ICS recommended practices for securing building automation systems
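As an added illustration of the monitoring action above (example code, not part of the CISA advisory or LOYTEC material), this script scans web access logs in combined format for requests to the `lweb802_pre/` path and flags those from outside an allowed management network or using write methods. The log lines and the 10.20.0.0/24 management network are constructed assumptions.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample access-log lines (combined format); not real device traffic.
# Sub-paths under lweb802_pre/ are not documented in the advisory, so only the
# base path is used here.
SAMPLE_LOG = """\
203.0.113.7 - - [03/Sep/2024:10:01:12 +0000] "GET /lweb802_pre/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [03/Sep/2024:10:01:15 +0000] "POST /lweb802_pre/ HTTP/1.1" 200 88 "-" "Mozilla/5.0"
10.20.0.15 - - [03/Sep/2024:10:02:01 +0000] "GET /lweb802_pre/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.20.0.15 - - [03/Sep/2024:10:02:40 +0000] "GET /webui/ HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.9 - - [03/Sep/2024:10:03:00 +0000] "GET /lweb802_pre/index.html HTTP/1.1" 404 210 "-" "curl/8.0"
"""

# Hypothetical BMS management network permitted to reach the LWEB-802 interface.
ALLOWED_NETWORKS = [ip_network("10.20.0.0/24")]
WRITE_METHODS = {"POST", "PUT", "DELETE", "PATCH"}

# Parses source address, timestamp, method, path and status from a combined-format line.
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def is_allowed(src: str) -> bool:
    """True if the source address falls inside an allowed management network."""
    try:
        addr = ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in ALLOWED_NETWORKS)

def find_suspicious(log_text: str) -> list[dict]:
    """Return requests to lweb802_pre/ that come from outside the allowlist or use write methods."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or "/lweb802_pre/" not in m["path"]:
            continue
        reasons = []
        if not is_allowed(m["src"]):
            reasons.append("source outside allowed management network")
        if m["method"] in WRITE_METHODS:
            reasons.append("write method against LWEB-802 interface")
        if reasons:
            findings.append({"src": m["src"], "ts": m["ts"], "method": m["method"],
                             "path": m["path"], "status": m["status"], "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in find_suspicious(SAMPLE_LOG):
        print(f"{f['ts']} {f['src']} {f['method']} {f['path']} -> {'; '.join(f['reasons'])}")
```

A 404 is still reported: even failed probes of the LWEB-802 path from unexpected sources are worth reviewing when devices may have been exposed.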
Evidence notes
Vulnerability details sourced from CISA ICS Advisory ICSA-24-247-01. CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L confirmed via FIRST CVSS calculator reference. Affected products and remediation guidance extracted from CSAF product tree and remediations sections. Firmware version 8.2.8 specified as remediation in source advisory.
Official resources
- CVE-2023-46381 CVE record (CVE.org)
- CVE-2023-46381 NVD detail (NVD)
- Source item URL (cisa_csaf)