CVE-2023-46384

Опубликовано: 30 нояб. 2023

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

LOYTEC electronics GmbH LINX Configurator (all versions) is vulnerable to Insecure Permissions. Cleartext storage of credentials allows remote attackers to disclose admin password and bypass an authentication to login Loytec device.

Ссылки

https://packetstormsecurity.com/files/175951/Loytec-LINX-Configurator-7.4.10-Insecure-Transit-Cleartext-Secrets.html
Third Party Advisory
VDB Entry
https://seclists.org/fulldisclosure/2023/Nov/6
Mailing List
Third Party Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01
https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/
http://seclists.org/fulldisclosure/2023/Nov/6
https://packetstormsecurity.com/files/175951/Loytec-LINX-Configurator-7.4.10-Insecure-Transit-Cleartext-Secrets.html
Third Party Advisory
VDB Entry
https://seclists.org/fulldisclosure/2023/Nov/6
Mailing List
Third Party Advisory
https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:loytec:l-inx_configurator:7.4.10:*:*:*:*:*:*:*

EPSS

Процентиль: 33%

0.00131

Низкий

7.5 High

CVSS3

Дефекты

CWE-312

Связанные уязвимости

GHSA-9vjx-qhgp-wfvm