CVE-2023-46384

Published: Nov 30, 2023Modified: Nov 4, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

LOYTEC electronics GmbH LINX Configurator (all versions) is vulnerable to Insecure Permissions. Cleartext storage of credentials allows remote attackers to disclose admin password and bypass an authentication to login Loytec device.

Affected (1)

Products: Loytec: L Inx Configurator

Loytec

1 product

L Inx Configurator

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Loytec L Inx Configurator	Version 7.4.10

Related CWEs

CWE-312

Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References (8)

https://packetstormsecurity.com/files/175951/Loytec-LINX-Configurator-7.4.10-Insecure-Transit-Cleartext-Secrets.html

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://seclists.org/fulldisclosure/2023/Nov/6

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01

Source: cve@mitre.org

https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/

Source: cve@mitre.org

http://seclists.org/fulldisclosure/2023/Nov/6

Source: af854a3a-2127-422b-91ae-364da2661108

https://packetstormsecurity.com/files/175951/Loytec-LINX-Configurator-7.4.10-Insecure-Transit-Cleartext-Secrets.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://seclists.org/fulldisclosure/2023/Nov/6

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.