PatchSiren cyber security CVE debrief

CVE-2023-46389 LOYTEC electronics GmbH CVE debrief

CVE-2023-46389 is an incorrect access control vulnerability in LOYTEC electronics GmbH LINX automation devices that allows unauthenticated remote attackers to disclose sensitive configuration information via the registry.xml file. The vulnerability affects LINX-212 firmware 6.2.4 and LINX-151 firmware 7.2.4, with CISA noting that the affected product list extends to additional LOYTEC devices including LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, and L-INX Configurator. Published on September 3, 2024, this vulnerability carries a HIGH severity CVSS 3.1 score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), reflecting its network-exploitable, low-complexity nature that enables information disclosure without authentication. The root cause is improper access controls on the registry.xml configuration file, which can be accessed remotely to expose sensitive LINX device configuration data. LOYTEC has addressed this vulnerability in firmware version 8.2.8, which implements administrative access protection for registry.xml and dpal_config.zml files. Organizations operating affected LOYTEC automation infrastructure should prioritize firmware updates and implement network segmentation controls to limit exposure of these devices to untrusted networks.

Vendor: LOYTEC electronics GmbH
Product: LINX-151
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-09-03
Original CVE updated: 2024-09-03
Advisory published: 2024-09-03
Advisory updated: 2024-09-03

Who should care

Organizations operating LOYTEC building automation, industrial control, or IoT gateway infrastructure; OT security teams managing LOYTEC LINX, LVIS, and LIOB product deployments; facility managers and system integrators responsible for LOYTEC device maintenance; critical infrastructure operators with LOYTEC components in their control networks

Technical summary

CVE-2023-46389 is an incorrect access control vulnerability (CWE-284) in LOYTEC electronics GmbH LINX automation devices. The vulnerability exists in the handling of the registry.xml configuration file, which lacks proper access controls, allowing unauthenticated remote attackers to retrieve sensitive device configuration information. Affected versions include LINX-212 firmware 6.2.4 and LINX-151 firmware 7.2.4. The vulnerability is remotely exploitable without authentication, requires low attack complexity, and results in high confidentiality impact. LOYTEC has remediated this issue in firmware version 8.2.8 by requiring administrative access for the registry.xml and dpal_config.zml files. The vulnerability affects multiple product lines in the LOYTEC automation portfolio beyond the initially identified LINX devices.

Defensive priority

HIGH

Recommended defensive actions

  • Update affected LOYTEC devices to firmware version 8.2.8 or later to implement administrative access protection for registry.xml and dpal_config.zml files
  • Verify that registry.xml and dpal_config.zml files are no longer accessible without authentication after firmware update
  • Implement network segmentation to restrict LOYTEC device management interfaces to authorized administrative networks only
  • Review device configurations for unauthorized access indicators if devices were exposed to untrusted networks prior to patching
  • Apply CISA ICS recommended practices for securing industrial control systems in OT environments
  • Monitor for anomalous access attempts to configuration files on LOYTEC automation infrastructure
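To make the verification and monitoring actions concrete, here is an added example (not part of the advisory, and not LOYTEC tooling) that triages web-server access logs for requests to registry.xml and dpal_config.zml. It assumes Apache/nginx combined log format and a management network of 10.20.30.0/24; both are placeholders, since the advisory does not describe the devices' log format, the files' URL paths, or any site's network layout, and the log lines are constructed for the example. A request for either file from outside the management network is flagged, as is any such request served with HTTP 200 to a client with no authenticated user, which is exactly what the post-update verification step should no longer observe.

```python
"""Access-log triage for the configuration files named in the advisory (added example).

Assumptions (placeholders, not from the advisory):
  - logs are in Apache/nginx "combined" format
  - the authorized management network is 10.20.30.0/24
The sample log lines below are constructed for this example.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

WATCHED_FILES = ("registry.xml", "dpal_config.zml")
MANAGEMENT_NETS = [ipaddress.ip_network("10.20.30.0/24")]  # assumption

REASON_EXTERNAL = "config file requested from outside the management network"
REASON_UNAUTH = "config file served (HTTP 200) with no authenticated user; expected 401/403 after 8.2.8"

# combined format: ip ident user [time] "METHOD path PROTO" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


@dataclass
class Finding:
    time: str
    ip: str
    path: str
    status: int
    reason: str


def parse_line(line: str) -> Optional[dict]:
    """Return the parsed fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_watched_path(path: str) -> bool:
    """True when the requested file (ignoring directory and query string) is one we care about."""
    basename = path.split("?", 1)[0].rsplit("/", 1)[-1]
    return basename.lower() in WATCHED_FILES


def is_management(ip: str) -> bool:
    """True when the client address lies inside an authorized management network."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # unparseable source is treated as untrusted
    return any(addr in net for net in MANAGEMENT_NETS)


def triage(lines: Iterable[str]) -> List[Finding]:
    """Flag requests for the watched config files that warrant review."""
    findings: List[Finding] = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or not is_watched_path(rec["path"]):
            continue
        status = int(rec["status"])
        if not is_management(rec["ip"]):
            findings.append(Finding(rec["time"], rec["ip"], rec["path"], status, REASON_EXTERNAL))
        if status == 200 and rec["user"] == "-":
            findings.append(Finding(rec["time"], rec["ip"], rec["path"], status, REASON_UNAUTH))
    return findings


# Constructed sample: one legitimate admin fetch, one external unauthenticated
# fetch that succeeded, one external fetch that was denied, one unrelated
# request, and one unparseable line.
SAMPLE_LOG = [
    '10.20.30.5 - admin [03/Sep/2024:10:15:02 +0000] "GET /registry.xml HTTP/1.1" 200 4821 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [03/Sep/2024:10:16:44 +0000] "GET /registry.xml HTTP/1.1" 200 4821 "-" "curl/8.4.0"',
    '198.51.100.23 - - [03/Sep/2024:10:16:45 +0000] "GET /dpal_config.zml?x=1 HTTP/1.1" 401 0 "-" "curl/8.4.0"',
    '10.20.30.7 - - [03/Sep/2024:10:20:10 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    "not a log line",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.time} {f.ip} {f.path} {f.status}: {f.reason}")
```

On the constructed sample the external client produces three findings (its successful registry.xml fetch is flagged twice, once for source and once for being served unauthenticated, and its denied dpal_config.zml fetch once for source), while the authenticated admin request from the management network produces none. After the 8.2.8 update only REASON_EXTERNAL findings should remain; any REASON_UNAUTH finding means a device is still serving the files without administrative access.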

Evidence notes

Vulnerability details sourced from CISA CSAF advisory ICSA-24-247-01. CVSS vector confirmed as CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. Remediation guidance specifies firmware version 8.2.8 as the fixed version with administrative access controls implemented for registry.xml and dpal_config.zml.

Official resources

2024-09-03