CVE-2023-46382 - Vulnerability Details - OpenCVE

LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) use cleartext HTTP for login.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Loytec	Linx-212 Linx-212 Firmware Liob-586 Liob-586 Firmware Lvis-3me12-a1 Lvis-3me12-a1 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:loytec:linx-212_firmware:6.2.4:*:*:*:*:*:*:*

cpe:2.3:h:loytec:linx-212:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:loytec:lvis-3me12-a1_firmware:6.2.2:*:*:*:*:*:*:*

cpe:2.3:h:loytec:lvis-3me12-a1:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:loytec:liob-586_firmware:6.2.3:*:*:*:*:*:*:*

cpe:2.3:h:loytec:liob-586:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/175646/LOYTEC-Electronics-Insecure-Transit-Insecure-Permissions-Unauthenticated-Access.html
https://seclists.org/fulldisclosure/2023/Nov/0
https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01
https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/

History

Thu, 19 Sep 2024 19:45:00 +0000

Type	Values Removed	Values Added
Description	LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices use cleartext HTTP for login.	LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) use cleartext HTTP for login.
References		https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-11-04T00:00:00

Updated: 2024-09-19T19:27:40.674719

Reserved: 2023-10-23T00:00:00

Link: CVE-2023-46382

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-11-04T23:15:08.003

Modified: 2024-11-21T08:28:24.980

Link: CVE-2023-46382

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:loytec:linx-212_firmware:6.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "0C622E98-9108-440E-B554-EBE91708B534", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:loytec:linx-212:-:*:*:*:*:*:*:*", "matchCriteriaId": "35956253-8D61-434C-9C03-96E6C69FB9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:loytec:lvis-3me12-a1_firmware:6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "338AF9A1-BD5E-4955-B9F2-BF38F1D33660", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:loytec:lvis-3me12-a1:-:*:*:*:*:*:*:*", "matchCriteriaId": "D31C7C60-0476-43F9-9471-1976F569B9DE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:loytec:liob-586_firmware:6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "1B2AE346-27B5-45B0-9DF9-AE4DF99377D8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:loytec:liob-586:-:*:*:*:*:*:*:*", "matchCriteriaId": "798F75E0-8B29-4F1B-BBB8-82B97CBC7138", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) use cleartext HTTP for login."}, {"lang": "es", "value": "Los dispositivos LOYTEC LINX-212 firmware 6.2.4 y LVIS-3ME12-A1 firmware 6.2.2 y LIOB-586 firmware 6.2.3 utilizan HTTP de texto plano para iniciar sesi\u00f3n."}], "id": "CVE-2023-46382", "lastModified": "2024-11-21T08:28:24.980", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-04T23:15:08.003", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://packetstormsecurity.com/files/175646/LOYTEC-Electronics-Insecure-Transit-Insecure-Permissions-Unauthenticated-Access.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/fulldisclosure/2023/Nov/0"}, {"source": "cve@mitre.org", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01"}, {"source": "cve@mitre.org", "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://packetstormsecurity.com/files/175646/LOYTEC-Electronics-Insecure-Transit-Insecure-Permissions-Unauthenticated-Access.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/fulldisclosure/2023/Nov/0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "nvd@nist.gov", "type": "Primary"}]}