lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <TYZPR03MB6472B6A7C3FDB77C8B03047CE7B9A@TYZPR03MB6472.apcprd03.prod.outlook.com>
Date: Thu, 23 Nov 2023 02:57:14 +0000
From: Chizuru Toyama <chizuru_toyama@...ne.com>
To: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org>
Subject: [FD] [CVE-2023-46386, CVE-2023-46387, CVE-2023-46388,
 CVE-2023-46389] Multiple vulnerabilities in Loytec products (3)


[+] CVE                                  : CVE-2023-46386, CVE-2023-46387, CVE-2023-46388, CVE-2023-46389  
[+] Title                                 : Multiple vulnerabilities in Loytec L-INX Automation Servers
[+] Vendor                            : LOYTEC electronics GmbH
[+] Affected Product(s)      : LINX-151, Firmware 7.2.4, LINX-212, firmware 6.2.4
[+] Affected Components : L-INX Automation Servers
[+] Discovery Date              : 01-Sep-2021
[+] Publication date           : 03-Nov-2023
[+] Discovered by               : Chizuru Toyama of TXOne networks


[Vulnerability Description]

CVE-2023-46386 : Insecure Permissions
'registry.xml' file contains hard-coded clear text credentials for 
 smtp client account. If an attacker succeeds in getting registry.xml file, 
 the email account could be compromised. Password should be encrypted.

CVE-2023-46387 : Improper Access Control
'/var/lib/lgtw/dpal_config.zml' file is accessible via file download API. 
 'dpal_config.wbx' which is extracted from 'dpal_config.zml' includes
sensitive configuration information such as smtp client information.  
 Authentication is required to exploit this vulnerability.
http://<IP>:<port>/DT?filename=/var/lib/lgtw/dpal_config.zml

CVE-2023-46388 : Insecure Permissions
'dpal_config.wbx' file contains hard-coded clear text credentials for 
 smtp client account. If an attacker succeeds in getting dpal_config.zml file, 
 the email account could be compromised. Password should be encrypted.

CVE-2023-46389 : Improper Access Control
'/tmp/registry.xml' file is accessible via file download API. 
 'registry.xml' includes device configuration information which includes
sensitive information such as smtp client information. Authentication is
required to exploit this vulnerability.
http://<IP>:<port>/DT?filename=/tmp/registry.xml


[Timeline]

01-Sep-2021 : Vulnerabilities discovered
13-Oct-2021 : Trend Micro ZDI (Zero Day Initiative) reported to vendor (no response)
07-Oct-2022 : ICS CERT reported to vendor (no response)
03-Nov-2023 : Public Disclosure


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ