PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-1633 Synectix CVE debrief

CISA published an advisory for Synectix LAN 232 TRIO on 2026-02-03 describing a critical authentication failure in the device’s web management interface. An unauthenticated user who can reach the interface may modify critical settings or factory reset the device. The advisory also states the product should be treated as end-of-life because Synectix is no longer in business, so firmware fixes, mitigations, and updates are unavailable.

Vendor: Synectix
Product: LAN 232 TRIO
CVSS: CRITICAL 10
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-02-03
Original CVE updated: 2026-02-03
Advisory published: 2026-02-03
Advisory updated: 2026-02-03

Who should care

ICS/OT operators, site administrators, and network engineers responsible for Synectix LAN 232 TRIO deployments should treat this as urgent, especially where the web management interface is reachable on any trusted or untrusted network.

Technical summary

The advisory describes a missing-authentication condition on the LAN 232 TRIO web management interface. CISA assigns a CVSS v3.1 vector of AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H with a score of 10.0, reflecting network accessibility, no privileges required, no user interaction, and severe impact if the interface is reached. The advisory notes the affected product is end-of-life, so vendor firmware remediation is not expected.

Defensive priority

Immediate

Recommended defensive actions

  • Identify all Synectix LAN 232 TRIO devices and confirm whether the web management interface is reachable from any network segment.
  • Restrict access to the management interface to the smallest possible administrative network and remove any unnecessary exposure.
  • Treat the device as end-of-life and plan replacement or retirement, since the advisory says Synectix is no longer in business and fixes are unavailable.
  • Review device configuration and access controls for unauthorized changes or unexpected factory resets.
  • Monitor adjacent network segments and management planes for unauthorized access attempts against the device interface.

Evidence notes

Primary evidence comes from CISA’s CSAF advisory ICSA-26-034-04 published on 2026-02-03 and the linked CISA advisory page. The advisory text states the web management interface is exposed without authentication and that unauthenticated users can modify critical settings or factory reset the device. The remediation section says the affected products should be considered end-of-life because Synectix is no longer in business, leaving no firmware fix path.

Official resources

Publicly disclosed by CISA on 2026-02-03. Not listed in CISA KEV in the supplied enrichment.