These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2023-46389 is an incorrect access control vulnerability in LOYTEC electronics GmbH LINX automation devices that allows unauthenticated remote attackers to disclose sensitive configuration information via the registry.xml file. The vulnerability affects LINX-212 firmware 6.2.4 and LINX-151 firmware 7.2.4, with CISA noting that the affected product list extends to additional LOYTEC devices including LVI [truncated]
LOYTEC electronics GmbH LINX-212 6.2.4 and LINX-151 7.2.4 contain an insecure permissions vulnerability in the dpal_config.zml file. This configuration weakness enables remote attackers to extract SMTP client account credentials and subsequently bypass email authentication mechanisms. The vulnerability carries a HIGH severity CVSS 3.1 score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating network- [truncated]
CVE-2023-46387 is a HIGH severity (CVSS 7.5) incorrect access control vulnerability in LOYTEC Electronics LINX Series industrial control devices. Published on September 3, 2024, this vulnerability affects LINX-212 firmware 6.2.4 and LINX-151 firmware 7.2.4, allowing remote attackers to disclose sensitive device data point configuration information via unauthorized access to the dpal_config.zml file. The C [truncated]
CVE-2023-46386 is a HIGH severity vulnerability (CVSS 7.5) affecting LOYTEC electronics GmbH LINX series industrial control devices. The vulnerability stems from insecure permissions on the registry.xml configuration file, which allows remote attackers to disclose SMTP client account credentials and bypass email authentication. The affected products include LINX-151 (firmware 7.2.4), LINX-212 (firmware 6. [truncated]
CVE-2023-46385 is a HIGH severity vulnerability (CVSS 7.5) affecting LOYTEC electronics GmbH LINX Configurator 7.4.10 and multiple LOYTEC device models. Published on September 3, 2024, this vulnerability involves insecure permissions where administrative credentials are transmitted as unencrypted URL parameters, enabling remote attackers to capture passwords and gain full control over device configuration [truncated]
LOYTEC electronics GmbH LINX Configurator 7.4.10 contains a vulnerability where credentials are stored in cleartext, enabling remote attackers to disclose the admin password and bypass authentication. The issue affects multiple LOYTEC LINX series devices and the L-INX Configurator software. CISA published advisory ICSA-24-247-01 on September 3, 2024, documenting this vulnerability with a CVSS 3.1 score of [truncated]
LOYTEC electronics GmbH LINX Configurator 7.4.10 transmits authentication credentials using HTTP Basic Authentication, which encodes usernames and passwords in base64—a reversible encoding that provides no cryptographic protection. Remote attackers positioned to intercept network traffic can capture these credentials and obtain full administrative control over affected LOYTEC device configurations. The vu [truncated]
LOYTEC Electronics LINX Series devices transmit authentication credentials in cleartext HTTP, exposing sensitive information to network eavesdropping. The vulnerability affects multiple product lines including LINX-212, LVIS-3ME12-A1, and LIOB-586 with specific firmware versions 6.2.4, 6.2.2, and 6.2.3 respectively. CISA published this advisory on September 3, 2024. The CVSS 3.1 score of 7.5 reflects high [truncated]
CVE-2023-46381 is a HIGH severity vulnerability (CVSS 3.1: 8.2) affecting LOYTEC Electronics LINX Series building automation devices. Published September 3, 2024, this vulnerability exposes a critical authentication bypass in the preinstalled LWEB-802 web visualization component. Affected firmware versions include LINX-212 6.2.4, LVIS-3ME12-A1 6.2.2, and LIOB-586 6.2.3. The vulnerability allows unauthenti [truncated]
LOYTEC Electronics LINX Series devices transmit password-change requests over unencrypted HTTP, exposing credentials to network eavesdropping. The vulnerability affects multiple product lines including LINX-212, LVIS-3ME12-A1, and LIOB-586 with specific firmware versions 6.2.4, 6.2.2, and 6.2.3 respectively. CISA published this advisory on September 3, 2024. The vendor has released firmware version 8.2.8 [truncated]
