PatchSiren

PatchSiren cyber security CVE debrief

CVE-2023-46387 LOYTEC electronics GmbH CVE debrief

CVE-2023-46387 is a HIGH severity (CVSS 3.1 base score 7.5) incorrect access control vulnerability in LOYTEC Electronics LINX series industrial control devices. Published on September 3, 2024, it affects LINX-212 firmware 6.2.4 and LINX-151 firmware 7.2.4: the device serves the dpal_config.zml file without requiring authentication, so a remote attacker can read it and obtain sensitive data point configuration information. CISA advisory ICSA-24-247-01 lists seven affected products in total, including LVIS and LIOB series devices and the L-INX Configurator software. The vulnerability requires no authentication or user interaction and is exploitable over the network with low attack complexity, a significant risk in operational technology environments, where exposed configuration data can help an attacker plan further attacks on building automation and industrial control systems.

Vendor: LOYTEC electronics GmbH
Product: LINX-151 (one of seven affected products; see Who should care)
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-09-03
Original CVE updated: 2024-09-03
Advisory published: 2024-09-03
Advisory updated: 2024-09-03

Who should care

Organizations that operate LOYTEC building automation and industrial control systems: facility managers, OT security teams and system integrators deploying LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2 or LIOB-588 devices (or the L-INX Configurator software), and critical infrastructure operators that rely on LOYTEC technology for environmental control and building management.

Technical summary

The vulnerability lies in the access control applied to the dpal_config.zml configuration file on LOYTEC LINX series devices. Affected firmware (LINX-212 6.2.4, LINX-151 7.2.4) does not require administrative authentication before serving this file, so a remote, unauthenticated attacker can retrieve the device's data point configuration. That configuration can reveal the system topology, control parameters and operational characteristics of the installation. Firmware 8.2.8 restricts both dpal_config.zml and registry.xml to administrative access. Because the file is reachable over the network with no privileges and no user interaction, and the impact is confined to confidentiality (C:H/I:N/A:N), the CVSS 3.1 base score is 7.5 (HIGH).

Defensive priority

HIGH

Recommended defensive actions

  • Update affected LOYTEC devices to firmware version 8.2.8 or later, which places registry.xml and dpal_config.zml behind administrative access control
  • After updating, verify from an unauthenticated session that dpal_config.zml and registry.xml can no longer be retrieved without administrative credentials
  • Apply network segmentation so that affected LOYTEC devices are reachable only from trusted management networks, never from untrusted networks or internet-facing systems
  • Monitor for access attempts to these configuration files on LOYTEC device web interfaces or file systems, particularly from sources outside the management network
  • If a device may have been exposed before patching, treat its data point configuration as disclosed and review the device and surrounding systems for signs of follow-on activity
  • Apply defense-in-depth measures per CISA ICS recommended practices for industrial control systems
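The two checks below, the post-patch verification and the log monitoring, are an added example written for this debrief; they are not LOYTEC or CISA code. The advisory names the files but not the HTTP paths under which a device serves them, so the paths in CANDIDATE_PATHS are assumptions to be adjusted to the real firmware layout, and the sample log lines are constructed in Common Log Format as a reverse proxy or firewall in front of the device might write them.

```python
"""Verify that dpal_config.zml / registry.xml are no longer readable without
credentials, and flag log lines that request them from untrusted sources."""
import ipaddress
import posixpath
import re
import urllib.error
import urllib.request
from typing import Iterable, List, Optional, Tuple

SENSITIVE_FILES = ("dpal_config.zml", "registry.xml")

# Hypothetical paths: the advisory names the files, not where the device's
# web server serves them. Adjust to the actual firmware layout.
CANDIDATE_PATHS = ("/dpal_config.zml", "/registry.xml",
                   "/config/dpal_config.zml", "/config/registry.xml")


def classify(status: Optional[int], body: bytes) -> str:
    """Classify an unauthenticated GET of a config file. 'exposed' is the
    CVE-2023-46387 condition; a patched device should answer 401/403, a
    redirect to its login page, or the login page itself."""
    if status is None:
        return "unreachable"
    if status in (401, 403):
        return "protected"
    if status in (301, 302, 303, 307, 308):
        return "redirected"      # usually to a login page; inspect manually
    if status == 404:
        return "absent"
    if status == 200:
        head = body[:1024].lower()
        if b"<html" in head or b"<form" in head or b"password" in head:
            return "protected"   # a login page came back instead of the file
        return "exposed" if body else "empty"
    return "unexpected-%d" % status


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface 3xx responses instead of silently following them."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def fetch(host: str, path: str, scheme: str = "http",
          timeout: float = 5.0) -> Tuple[Optional[int], bytes]:
    """GET one path with no credentials; return (status, first 4 KiB of body)."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request("%s://%s%s" % (scheme, host, path),
                                 headers={"User-Agent": "cve-2023-46387-check"})
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.read(4096)
    except urllib.error.HTTPError as err:
        return err.code, err.read(4096)
    except (urllib.error.URLError, OSError):
        return None, b""


def check_device(host: str, paths: Iterable[str] = CANDIDATE_PATHS) -> dict:
    """Probe every candidate path; any 'exposed' result means the device is
    still unpatched or the update did not take effect."""
    return {p: classify(*fetch(host, p)) for p in paths}


# Common Log Format (assumed; the advisory does not describe the device's own logs).
_CLF = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                  r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')


def flag_config_requests(lines: Iterable[str],
                         trusted_nets: Iterable[str]) -> List[Tuple[str, str, int, str]]:
    """Return (ip, path, status, verdict) for requests to the sensitive files from
    outside the trusted management networks. A 200 from an untrusted source is a
    probable disclosure; any other status is still an attempt worth a look."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    hits = []
    for line in lines:
        m = _CLF.match(line)
        if not m:
            continue
        path = m.group("path").split("?", 1)[0]
        if posixpath.basename(path) not in SENSITIVE_FILES:
            continue
        try:
            if any(ipaddress.ip_address(m.group("ip")) in n for n in nets):
                continue
        except ValueError:
            pass                 # unparseable source: cannot be trusted, keep it
        status = int(m.group("status"))
        hits.append((m.group("ip"), path, status,
                     "disclosure" if status == 200 else "attempt"))
    return hits


# Constructed sample lines, not real device output.
SAMPLE_LOG = """\
10.20.0.15 - - [03/Sep/2024:10:12:01 +0000] "GET /dpal_config.zml HTTP/1.1" 200 48213
203.0.113.7 - - [03/Sep/2024:10:13:44 +0000] "GET /dpal_config.zml HTTP/1.1" 200 48213
203.0.113.7 - - [03/Sep/2024:10:13:45 +0000] "GET /registry.xml HTTP/1.1" 401 0
10.20.0.15 - - [03/Sep/2024:10:14:02 +0000] "GET /index.html HTTP/1.1" 200 1024
"""

if __name__ == "__main__":
    import sys
    for hit in flag_config_requests(SAMPLE_LOG.splitlines(), ["10.20.0.0/16"]):
        print("log:", hit)
    if len(sys.argv) > 1:        # e.g. python check.py 192.0.2.10 (address is a placeholder)
        for path, verdict in check_device(sys.argv[1]).items():
            print("probe:", path, verdict)
```

Run the probe only against devices you are authorized to test. A 200 that carries an HTML login page is counted as protected because some embedded web servers answer unauthenticated requests that way rather than with 401; a 200 with a non-HTML body means the file itself came back, which is exactly the condition the 8.2.8 update is meant to remove. The log check deliberately does not flag requests from the trusted management ranges, so keep those ranges tight.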

Evidence notes

CISA CSAF advisory ICSA-24-247-01, published 2024-09-03, identifies incorrect access control on the dpal_config.zml file as the vulnerability vector. The advisory specifies LINX-212 firmware 6.2.4 and LINX-151 firmware 7.2.4 as affected versions, with seven products affected in total, including LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588 and L-INX Configurator. The CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N confirms a network-accessible, unauthenticated information disclosure with no integrity or availability impact. Remediation guidance names firmware version 8.2.8 as the update target and notes that current firmware restricts registry.xml and dpal_config.zml to administrative access.

Official resources

2024-09-03