CVE-2023-46384 - OpenCVE

LOYTEC electronics GmbH LINX Configurator (all versions) is vulnerable to Insecure Permissions. Cleartext storage of credentials allows remote attackers to disclose admin password and bypass an authentication to login Loytec device.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Loytec	L-inx Configurator

Configuration 1 [-]

cpe:2.3:a:loytec:l-inx_configurator:7.4.10:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://seclists.org/fulldisclosure/2023/Nov/6
https://packetstormsecurity.com/files/175951/Loytec-LINX-Configurator-7.4.10-Insecure-Transit-Cleartext-Secrets.html
https://seclists.org/fulldisclosure/2023/Nov/6
https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01
https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/

History

Tue, 04 Nov 2025 20:30:00 +0000

Type	Values Removed	Values Added
References		http://seclists.org/fulldisclosure/2023/Nov/6

Fri, 20 Sep 2024 17:00:00 +0000

Type	Values Removed	Values Added
Description	LOYTEC electronics GmbH LINX Configurator 7.4.10 is vulnerable to Insecure Permissions. Cleartext storage of credentials allows remote attackers to disclose admin password and bypass an authentication to login Loytec device.	LOYTEC electronics GmbH LINX Configurator (all versions) is vulnerable to Insecure Permissions. Cleartext storage of credentials allows remote attackers to disclose admin password and bypass an authentication to login Loytec device.
References		https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-11-30T00:00:00.000Z

Updated: 2025-11-04T19:25:39.442Z

Reserved: 2023-10-23T00:00:00.000Z

Link: CVE-2023-46384

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-11-30T23:15:07.423

Modified: 2025-11-04T20:17:10.077

Link: CVE-2023-46384

Redhat

No data.

{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-46384", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-11-04T19:25:39.442Z", "dateReserved": "2023-10-23T00:00:00.000Z", "datePublished": "2023-11-30T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-09-20T16:38:46.888Z"}, "descriptions": [{"lang": "en", "value": "LOYTEC electronics GmbH LINX Configurator (all versions) is vulnerable to Insecure Permissions. Cleartext storage of credentials allows remote attackers to disclose admin password and bypass an authentication to login Loytec device."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"name": "20231127 [CVE-2023-46383, CVE-2023-46384, CVE-2023-46385] Multiple vulnerabilities in Loytec products (2)", "tags": ["mailing-list"], "url": "https://seclists.org/fulldisclosure/2023/Nov/6"}, {"url": "https://packetstormsecurity.com/files/175951/Loytec-LINX-Configurator-7.4.10-Insecure-Transit-Cleartext-Secrets.html"}, {"url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"title": "CVE Program Container", "references": [{"name": "20231127 [CVE-2023-46383, CVE-2023-46384, CVE-2023-46385] Multiple vulnerabilities in Loytec products (2)", "tags": ["mailing-list", "x_transferred"], "url": "https://seclists.org/fulldisclosure/2023/Nov/6"}, {"url": "https://packetstormsecurity.com/files/175951/Loytec-LINX-Configurator-7.4.10-Insecure-Transit-Cleartext-Secrets.html", "tags": ["x_transferred"]}, {"url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2023/Nov/6"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T19:25:39.442Z"}}]}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:loytec:l-inx_configurator:7.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "3C033CD9-3C86-4361-AFC1-BAC7B361F0BB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "LOYTEC electronics GmbH LINX Configurator (all versions) is vulnerable to Insecure Permissions. Cleartext storage of credentials allows remote attackers to disclose admin password and bypass an authentication to login Loytec device."}, {"lang": "es", "value": "LOYTEC electronics GmbH LINX Configurator 7.4.10 es vulnerable a permisos inseguros. El almacenamiento de credenciales en texto plano permite a atacantes remotos revelar la contrase\u00f1a de administrador y omitir una autenticaci\u00f3n para iniciar sesi\u00f3n en el dispositivo Loytec."}], "id": "CVE-2023-46384", "lastModified": "2025-11-04T20:17:10.077", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2023-11-30T23:15:07.423", "references": [{"source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://packetstormsecurity.com/files/175951/Loytec-LINX-Configurator-7.4.10-Insecure-Transit-Cleartext-Secrets.html"}, {"source": "[email protected]", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/fulldisclosure/2023/Nov/6"}, {"source": "[email protected]", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01"}, {"source": "[email protected]", "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2023/Nov/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://packetstormsecurity.com/files/175951/Loytec-LINX-Configurator-7.4.10-Insecure-Transit-Cleartext-Secrets.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/fulldisclosure/2023/Nov/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "[email protected]", "type": "Primary"}]}