ICSA-24-247-01 · Published 2024-09-03
LOYTEC Electronics LINX Series
CVSS 8.2 (HIGH)
Risk Summary
Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information or make modifications to an affected device.
CVEs (10)
Remediations
- LOYTEC recommends that customers using the affected products update to version 8.2.8. Additionally, LOYTEC recommends the following actions:
- For CVE-2023-46380, CVE-2023-46382, CVE-2023-46383, CVE-2023-46385: Disable HTTP on the LOYTEC device as recommended by LOYTEC's security hardening guide.
- For CVE-2023-46381: Upgrade to latest firmware. Permissions on LWEB projects have been hardened.
- For CVE-2023-46384: Patch will be published in LINX Configurator.
- For CVE-2023-46386, CVE-2023-46388: LINX firmware will implement encrypted storage of SMTP credentials. Patch will be published as LINX firmware upgrade.
- For CVE-2023-46387, CVE-2023-46389: Current firmware protects registry.xml and dpal_config.zml by admin access. Upgrade to latest firmware.
Affected Vendors
LOYTEC electronics GmbH
Affected Products (7)
- LOYTEC electronics GmbH · LINX-151 · vers:all/*
- LOYTEC electronics GmbH · LINX-212 · vers:all/*
- LOYTEC electronics GmbH · LVIS-3ME12-A1 · vers:all/*
- LOYTEC electronics GmbH · LIOB-586 · vers:all/*
- LOYTEC electronics GmbH · LIOB-580 V2 · vers:all/*
- LOYTEC electronics GmbH · LIOB-588 · vers:all/*
- LOYTEC electronics GmbH · L-INX Configurator · vers:all/*
Affected Sectors
Critical Manufacturing