OTPulse
FeedAboutContact

I-GEN opLYNX Central Authentication Bypass

Low RiskICS-CERT ICSA-12-362-01Sep 30, 2012
Summary

I-GEN opLYNX Central version 2.01.8 and earlier contains an authentication bypass vulnerability (CWE-592) that allows unauthenticated remote attackers to gain unauthorized access to the central building automation system. The vulnerability affects systems used for controlling HVAC, lighting, security, and other building infrastructure. No patch is available from the vendor.

What this means
What could happen
An attacker who gains access to the opLYNX Central system could bypass authentication controls and gain unauthorized access to critical building automation functions, potentially allowing manipulation of HVAC, lighting, or security systems.
Who's at risk
Operators of building automation and control systems using I-GEN opLYNX Central for managing HVAC, lighting, access control, and energy management. This affects facilities management teams at universities, hospitals, office buildings, and municipal buildings that rely on opLYNX for centralized building control.
How it could be exploited
An attacker with network access to the opLYNX Central server could exploit the authentication bypass vulnerability to access the system without valid credentials. Once authenticated, the attacker could modify system configurations, disable alarms, or alter automation rules that control building operations.
Prerequisites
  • Network access to opLYNX Central server port or interface
  • No valid credentials required
remotely exploitableno authentication requiredno patch availablelow complexity
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (1)
ProductAffected VersionsFix Status
opLYNX: <=2.01.8≤ 2.01.8No fix (EOL)
Remediation & Mitigation
0/4
Do now
0/3
HARDENINGImplement network segmentation to isolate opLYNX Central from untrusted networks and limit access to authorized administrative workstations only
WORKAROUNDDeploy firewall rules to restrict inbound connections to opLYNX Central to specific IP addresses of known administrators or engineering workstations
HARDENINGMonitor opLYNX Central access logs and authentication attempts for unauthorized access patterns
Mitigations - no patch available
0/1
opLYNX: <=2.01.8 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGEvaluate migration to a newer building automation system with active vendor support, as opLYNX version 2.01.8 will not receive security patches
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/164b7ec3-db09-4590-8ba0-3583ed50d9ab
I-GEN opLYNX Central Authentication Bypass - OTPulse