LOYTEC electronics GmbH LINX Configurator (all versions) is vulnerable to Insecure Permissions. Cleartext storage of credentials allows remote attackers to disclose admin password and bypass an authentication to login Loytec device.
Weakness
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| L-inx_configurator | Loytec | 7.4.10 (including) | 7.4.10 (including) |
Potential Mitigations
Related Attack Patterns
References
- https://packetstormsecurity.com/files/175951/Loytec-LINX-Configurator-7.4.10-Insecure-Transit-Cleartext-Secrets.html
- https://seclists.org/fulldisclosure/2023/Nov/6
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01
- https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/
- http://seclists.org/fulldisclosure/2023/Nov/6
- https://packetstormsecurity.com/files/175951/Loytec-LINX-Configurator-7.4.10-Insecure-Transit-Cleartext-Secrets.html
- https://seclists.org/fulldisclosure/2023/Nov/6
- https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/