Loytec L-INX Automation Servers, L-IOB I/O Controllers, L-VIS Touch Panels Cleartext Transmission of Sensitive Information Vulnerability
2023-11-03
| CVE ID | CVE-2023-46380 |
|---|---|
| Severity | High |
| Affected Vendors | LOYTEC electronics GmbH |
| Affected Products | LINX-212 firmware 6.2.4, LVIS-3ME12-A1 firmware 6.2.2, LIOB-586 firmware 6.2.3 |
| Vulnerability Details | Password change request on the web interface on LOYTEC devices is sent in clear text over HTTP, and this allows information theft and account takeover via network sniffing. |
| Solutions & Rules | N/A |
| Credit | Chizuru Toyama of TXOne Networks |