Full Disclosure mailing list archives
[CVE-2023-46386, CVE-2023-46387, CVE-2023-46388, CVE-2023-46389] Multiple vulnerabilities in Loytec products (3)
From: Chizuru Toyama <chizuru_toyama () txone com>
Date: Thu, 23 Nov 2023 02:57:14 +0000
[+] CVE : CVE-2023-46386, CVE-2023-46387, CVE-2023-46388, CVE-2023-46389 [+] Title : Multiple vulnerabilities in Loytec L-INX Automation Servers [+] Vendor : LOYTEC electronics GmbH [+] Affected Product(s) : LINX-151, Firmware 7.2.4, LINX-212, firmware 6.2.4 [+] Affected Components : L-INX Automation Servers [+] Discovery Date : 01-Sep-2021 [+] Publication date : 03-Nov-2023 [+] Discovered by : Chizuru Toyama of TXOne networks [Vulnerability Description] CVE-2023-46386 : Insecure Permissions 'registry.xml' file contains hard-coded clear text credentials for smtp client account. If an attacker succeeds in getting registry.xml file, the email account could be compromised. Password should be encrypted. CVE-2023-46387 : Improper Access Control '/var/lib/lgtw/dpal_config.zml' file is accessible via file download API. 'dpal_config.wbx' which is extracted from 'dpal_config.zml' includes sensitive configuration information such as smtp client information. Authentication is required to exploit this vulnerability. http://<IP>:<port>/DT?filename=/var/lib/lgtw/dpal_config.zml CVE-2023-46388 : Insecure Permissions 'dpal_config.wbx' file contains hard-coded clear text credentials for smtp client account. If an attacker succeeds in getting dpal_config.zml file, the email account could be compromised. Password should be encrypted. CVE-2023-46389 : Improper Access Control '/tmp/registry.xml' file is accessible via file download API. 'registry.xml' includes device configuration information which includes sensitive information such as smtp client information. Authentication is required to exploit this vulnerability. http://<IP>:<port>/DT?filename=/tmp/registry.xml [Timeline] 01-Sep-2021 : Vulnerabilities discovered 13-Oct-2021 : Trend Micro ZDI (Zero Day Initiative) reported to vendor (no response) 07-Oct-2022 : ICS CERT reported to vendor (no response) 03-Nov-2023 : Public Disclosure _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
Current thread:
- [CVE-2023-46386, CVE-2023-46387, CVE-2023-46388, CVE-2023-46389] Multiple vulnerabilities in Loytec products (3) Chizuru Toyama (Nov 27)