PatchSiren cyber security CVE debrief
CVE-2023-46386 LOYTEC electronics GmbH CVE debrief
CVE-2023-46386 is a HIGH severity vulnerability (CVSS 7.5) affecting LOYTEC electronics GmbH LINX series industrial control devices. The vulnerability stems from insecure permissions on the registry.xml configuration file, which allows remote attackers to disclose SMTP client account credentials and bypass email authentication. The affected products include LINX-151 (firmware 7.2.4), LINX-212 (firmware 6.2.4), and five additional product lines in the LOYTEC ecosystem. Published on September 3, 2024, this vulnerability exposes sensitive email authentication credentials that could enable further attacks against connected infrastructure. LOYTEC has committed to implementing encrypted storage of SMTP credentials in a firmware patch, with version 8.2.8 recommended as the remediation path. Organizations should prioritize updating affected devices and reviewing network segmentation for ICS/OT environments where these devices are deployed.
- Vendor: LOYTEC electronics GmbH
- Product: LINX-151
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-09-03
- Original CVE updated: 2024-09-03
- Advisory published: 2024-09-03
- Advisory updated: 2024-09-03
Who should care
Organizations operating LOYTEC building automation and industrial control systems, particularly those using email notification features for alarms and system events. Critical infrastructure operators, facility management teams, and OT security teams responsible for HVAC, lighting, and building management systems should prioritize this vulnerability due to potential credential compromise enabling lateral movement and social engineering attacks.
Technical summary
The vulnerability exists in the registry.xml configuration file on LOYTEC LINX series devices, which is deployed with insecure permissions allowing unauthorized read access. This file contains SMTP client account credentials in plaintext or insufficiently protected form. Remote attackers can access this file to extract email authentication credentials, enabling them to bypass email authentication mechanisms and potentially leverage compromised email accounts for further attacks. The attack requires network access to the device but no authentication, with low attack complexity. The CVSS 3.1 score of 7.5 (HIGH) reflects significant confidentiality impact with no integrity or availability impact. LOYTEC's remediation approach involves implementing encrypted storage for SMTP credentials in firmware updates.
Defensive priority
HIGH
Recommended defensive actions
- Update affected LOYTEC LINX devices to firmware version 8.2.8 or later to obtain encrypted SMTP credential storage
- Review and rotate any SMTP credentials that may have been configured on affected devices prior to patching
- Implement network segmentation to restrict access to LOYTEC device management interfaces from untrusted networks
- Audit registry.xml file permissions on deployed devices to identify potential exposure
- Monitor for unauthorized access attempts to device configuration files
- Apply CISA ICS recommended practices for defense-in-depth in industrial control environments
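One way to act on the monitoring item above, as an added example that is not part of the original debrief or LOYTEC's tooling: flag requests for registry.xml that reach a device from outside the management network. It assumes an HTTP-style access log from a proxy or sensor in front of the devices; the log format, IP addresses, management subnet and `/placeholder/` paths are all constructed.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

# Assumption: only these hosts may legitimately read device configuration files.
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/28")]

# Assumed log format: "<ISO time> <src ip> <device ip> <method> <url> <status>"
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+) (\d{3})$")

# Constructed sample log; paths are placeholders, not real device paths.
SAMPLE_LOG = """\
2024-09-04T08:01:12Z 10.20.0.5 10.30.1.10 GET /placeholder/registry.xml 200
2024-09-04T08:03:40Z 10.99.7.21 10.30.1.10 GET /placeholder/registry.xml 200
2024-09-04T08:03:55Z 10.99.7.21 10.30.1.11 GET /placeholder/REGISTRY%2Exml?x=1 200
2024-09-04T08:04:02Z 10.99.7.21 10.30.1.11 GET /placeholder/index.html 200
2024-09-04T08:05:19Z 10.99.8.3 10.30.1.12 GET /placeholder/registry.xml 403
not a log line
"""

def targets_registry(url: str) -> bool:
    """True when the percent-decoded path's last segment is registry.xml (any case)."""
    path = unquote(urlsplit(url).path)
    return path.rsplit("/", 1)[-1].lower() == "registry.xml"

def find_exposures(log_text: str):
    """Return (alerts, unparsed) for registry.xml requests from outside MGMT_NETS."""
    alerts, unparsed = [], 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        try:
            src_ip = ipaddress.ip_address(m.group(2)) if m else None
        except ValueError:
            src_ip = None
        if src_ip is None:
            unparsed += 1  # count, do not silently drop, lines we cannot judge
            continue
        ts, _src, device, _method, url, status = m.groups()
        if not targets_registry(url) or any(src_ip in n for n in MGMT_NETS):
            continue
        # A 2xx status means the file was served: treat the SMTP credentials as exposed.
        severity = "disclosed" if status.startswith("2") else "attempt"
        alerts.append({"time": ts, "src": str(src_ip), "device": device, "severity": severity})
    return alerts, unparsed

if __name__ == "__main__":
    for alert in find_exposures(SAMPLE_LOG)[0]:
        print(alert)
```

Any `disclosed` alert maps to the credential-rotation action in the list above for the device named in the alert.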
Evidence notes
Vulnerability confirmed via CISA ICS advisory ICSA-24-247-01. Affected firmware versions explicitly identified as LINX-212 firmware 6.2.4 and LINX-151 firmware 7.2.4. CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N confirms network-accessible, low-complexity attack with no privileges required. Vendor remediation commitment documented in CSAF remediation field specifying encrypted SMTP credential storage implementation.
Official resources
- CVE-2023-46386 CVE record (CVE.org)
- CVE-2023-46386 NVD detail (NVD)
- Source item URL (cisa_csaf)
2024-09-03