GCVE - cpe:2.3:h:loytec:linx-212:-:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:h:loytec:linx-212:-:*:*:*:*:*:*:*

part: h version: - update: *

Vendor	Loytec (`6190caa2-852a-5dba-b6c8-40e7b31c6b3d`)
Product	Linx 212 (`76987a41-4ec5-52db-be37-b1f628e636a0`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-46389`	not_vulnerable	2026-06-03 14:53:10.007346	Details available LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Incorrect Access Control via registry.xml file. This vulnerability allows remote attackers to disclose sensitive information on LINX configuration. Published: 2023-11-30T00:00:00.000Z Updated: 2024-09-20T16:48:00.947Z Open on db.gcve.eu Reference links http://seclists.org/fulldisclosure/2023/Nov/7 http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/ https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-46388`	not_vulnerable	2026-06-03 14:53:10.007002	Details available LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Permissions via dpal_config.zml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication. Published: 2023-11-30T00:00:00.000Z Updated: 2024-09-20T16:46:38.362Z Open on db.gcve.eu Reference links http://seclists.org/fulldisclosure/2023/Nov/7 http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/ https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-46387`	not_vulnerable	2026-06-03 14:53:10.006642	Details available LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Incorrect Access Control via dpal_config.zml file. This vulnerability allows remote attackers to disclose sensitive information on Loytec device data point configuration. Published: 2023-11-30T00:00:00.000Z Updated: 2024-11-26T19:22:17.670Z Open on db.gcve.eu Reference links http://seclists.org/fulldisclosure/2023/Nov/7 http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/ https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-46386`	not_vulnerable	2026-06-03 14:53:10.004751	Details available LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Permissions via registry.xml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication. Published: 2023-11-30T00:00:00.000Z Updated: 2024-09-20T16:43:34.463Z Open on db.gcve.eu Reference links http://seclists.org/fulldisclosure/2023/Nov/7 http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/ https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-46382`	not_vulnerable	2026-06-03 14:53:10.000913	Details available LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) use cleartext HTTP for login. Published: 2023-11-04T00:00:00.000Z Updated: 2025-11-04T19:25:37.303Z Open on db.gcve.eu Reference links https://seclists.org/fulldisclosure/2023/Nov/0 http://packetstormsecurity.com/files/175646/LOYTEC-Electronics-Insecure-Transit-Insecure-Permissions-Unauthenticated-Access.html https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/ https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-46381`	not_vulnerable	2026-06-03 14:53:10.000495	Details available LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI. Published: 2023-11-04T00:00:00.000Z Updated: 2025-11-04T19:25:36.230Z Open on db.gcve.eu Reference links https://seclists.org/fulldisclosure/2023/Nov/0 http://packetstormsecurity.com/files/175646/LOYTEC-Electronics-Insecure-Transit-Insecure-Permissions-Unauthenticated-Access.html https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/ https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-46380`	not_vulnerable	2026-06-03 14:53:09.998168	Details available LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) send password-change requests via cleartext HTTP. Published: 2023-11-04T00:00:00.000Z Updated: 2025-11-04T19:25:35.144Z Open on db.gcve.eu Reference links https://seclists.org/fulldisclosure/2023/Nov/0 http://packetstormsecurity.com/files/175646/LOYTEC-Electronics-Insecure-Transit-Insecure-Permissions-Unauthenticated-Access.html https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/ https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-46380`	vulnerable	2026-06-03 14:53:09.991846	Details available LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) send password-change requests via cleartext HTTP. Published: 2023-11-04T00:00:00.000Z Updated: 2025-11-04T19:25:35.144Z Open on db.gcve.eu Reference links https://seclists.org/fulldisclosure/2023/Nov/0 http://packetstormsecurity.com/files/175646/LOYTEC-Electronics-Insecure-Transit-Insecure-Permissions-Unauthenticated-Access.html https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/ https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.