PatchSiren cyber security CVE debrief
CVE-2023-46383 LOYTEC electronics GmbH CVE debrief
LOYTEC electronics GmbH LINX Configurator 7.4.10 transmits authentication credentials using HTTP Basic Authentication, which encodes usernames and passwords in base64—a reversible encoding that provides no cryptographic protection. Remote attackers positioned to intercept network traffic can capture these credentials and obtain full administrative control over affected LOYTEC device configurations. The vulnerability affects seven product variants across the LINX series, LVIS, and LIOB product families. CISA published this advisory on September 3, 2024, as ICSA-24-247-01. The vendor has released version 8.2.8 to address this issue and recommends disabling HTTP in accordance with their security hardening guidance.
- Vendor: LOYTEC electronics GmbH
- Product: LINX-151
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-09-03
- Original CVE updated: 2024-09-03
- Advisory published: 2024-09-03
- Advisory updated: 2024-09-03
Who should care
Organizations operating LOYTEC building automation, HVAC control, or industrial IoT systems; OT security teams managing LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, or LIOB-588 devices; facility managers with LOYTEC deployments; and critical infrastructure operators with LOYTEC components in their control networks.
Technical summary
The L-INX Configurator and related LOYTEC devices use HTTP Basic Authentication for administrative access. This authentication scheme transmits credentials encoded with base64, which is trivially reversible and provides no confidentiality protection. An attacker with network visibility to device management traffic can extract valid credentials and authenticate to the device configuration interface, gaining full control. The vulnerability is remotely exploitable without authentication and requires no user interaction.
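As an added illustration (not part of the advisory or of any LOYTEC software), the following Python checks sensor-logged requests to a device management interface for the condition described above: Basic credentials carried over plain HTTP rather than TLS. The request records, the 192.0.2.x addresses and the credential values are constructed for the example; the password is never written into a finding, only its length.

```python
import base64
import binascii

# Constructed sample of request records as a network sensor might log them
# for traffic to a management interface. Not real capture data.
SAMPLE_REQUESTS = [
    {"scheme": "http", "dst": "192.0.2.10:80", "path": "/config/",
     "headers": {"Authorization": "Basic YWRtaW46UGFzc3cwcmQh"}},   # admin:Passw0rd! in the clear
    {"scheme": "https", "dst": "192.0.2.10:443", "path": "/config/",
     "headers": {"Authorization": "Basic YWRtaW46UGFzc3cwcmQh"}},   # same header, but inside TLS
    {"scheme": "http", "dst": "192.0.2.11:80", "path": "/status",
     "headers": {}},                                                # no credentials at all
    {"scheme": "http", "dst": "192.0.2.12:80", "path": "/config/",
     "headers": {"Authorization": "Basic not*base64"}},             # malformed header, must not crash
]


def decode_basic_credentials(header_value):
    """Decode an 'Authorization: Basic <base64>' value into (user, password).

    Returns None when the scheme is not Basic, the payload is not valid
    base64, or the decoded text lacks the 'user:password' separator."""
    scheme, _, payload = header_value.partition(" ")
    if scheme.lower() != "basic" or not payload:
        return None
    try:
        raw = base64.b64decode(payload.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None
    user, sep, password = raw.partition(":")
    if not sep:
        return None
    return user, password


def find_plaintext_basic_auth(requests):
    """One finding per request that carried Basic credentials without TLS.

    A Basic header over HTTPS is not flagged: the encoding is still reversible,
    but the transport keeps it from a passive observer."""
    findings = []
    for req in requests:
        auth = req["headers"].get("Authorization")
        if req["scheme"] != "http" or auth is None:
            continue
        creds = decode_basic_credentials(auth)
        if creds is None:
            findings.append({"dst": req["dst"], "path": req["path"],
                             "user": None, "note": "undecodable Basic header"})
            continue
        user, password = creds
        findings.append({"dst": req["dst"], "path": req["path"],
                         "user": user, "password_len": len(password)})
    return findings
```

Each finding identifies the device and account whose credentials crossed the network unprotected, which is the set to rotate once HTTP is disabled on the device.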
Defensive priority
HIGH
Recommended defensive actions
- Update affected LOYTEC devices to version 8.2.8 or later
- Disable HTTP on affected LOYTEC devices per the vendor's security hardening guide
- Implement network segmentation to limit exposure of LOYTEC device management interfaces
- Monitor for unauthorized configuration changes on LOYTEC devices
- Review and rotate credentials for affected devices if HTTP was previously enabled
Evidence notes
CISA CSAF advisory ICSA-24-247-01 identifies HTTP Basic Authentication as the vulnerable mechanism, with base64-encoded credential transmission enabling credential theft. CVSS 3.1 score of 7.5 (HIGH) reflects network attack vector, low attack complexity, and no required privileges or user interaction.
Official resources
- CVE-2023-46383 CVE record (CVE.org)
- CVE-2023-46383 NVD detail (NVD)
- Source item URL: cisa_csaf