CVE-2025-59780
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-15
Last updated on: 2025-11-15
Assigner: ICS-CERT
Description
Description
General Industrial Controls Lynx+ Gateway is missing critical authentication in the embedded web server which
could allow an attacker to send GET requests to obtain sensitive device
information.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| general_industrial_controls | lynx_gateway | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the General Industrial Controls Lynx+ Gateway, where the embedded web server lacks critical authentication. This means an attacker can send GET requests without needing to authenticate and obtain sensitive device information.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized disclosure of sensitive device information, potentially allowing attackers to gain insights into the device's configuration or operation, which could be used for further attacks or exploitation.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70