OTPulse

LOYTEC Router Information Exposure Vulnerability

Act Now · CVSS 9.1 · ICS-CERT ICSA-15-342-02 · Sep 10, 2015
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

The LOYTEC router family (LIP-3ECTB, LINX-100, LVIS-3E100, LIP-ME201) contains an information exposure vulnerability that allows unauthenticated attackers with network access to retrieve sensitive configuration data. The affected devices expose configuration files and system information without requiring credentials. This could allow attackers to obtain credentials and network topology information to facilitate further compromise of building automation and control systems.

What this means
What could happen
An attacker with network access to a LOYTEC router could retrieve sensitive configuration data, including credentials and network settings, without authentication. This information could then be used to access other systems or devices on your network.
Who's at risk
Operators of building automation and energy management systems that use LOYTEC networking equipment (LIP-3ECTB routers, LINX-100, LVIS-3E100, and LIP-ME201 devices). This affects facilities managers, energy control systems, and any organization relying on LOYTEC for HVAC, lighting, or building management network connectivity.
How it could be exploited
An attacker sends network requests to the LOYTEC router (LIP-3ECTB, LINX-100, LVIS-3E100, or LIP-ME201) to retrieve configuration files or system information. Because no authentication is required, the attacker retrieves sensitive data such as login credentials and network topology details directly from the exposed endpoints.
Prerequisites
  • Network reachability to the LOYTEC router on the ports it exposes for management or configuration
  • No authentication required
Remotely exploitable · No authentication required · Low complexity · No patch available · High CVSS score (9.1)
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (4)
4 EOL
Product | Affected Versions | Fix Status
LIP-3ECTB: 6.0.1 | 6.0.1 | No fix (EOL)
LINX-100: vers:all/* | All versions | No fix (EOL)
LVIS-3E100: vers:all/* | All versions | No fix (EOL)
LIP-ME201: vers:all/* | All versions | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Implement network segmentation to restrict access to LOYTEC routers to only authorized management workstations and systems
WORKAROUND: Deploy firewall rules to block unauthorized access to management ports on affected LOYTEC routers
HARDENING: Review and rotate all credentials that may have been exposed or stored on affected routers
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: Monitor network traffic to and from LOYTEC routers for suspicious access patterns
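
The segmentation and monitoring steps above can be checked against flow logs. The Python below is an added example, not part of the advisory or of any LOYTEC or OTPulse tooling; it flags every flow that reaches an affected device from outside the management allowlist. The device addresses, management subnet, ports and flow-record format are constructed assumptions.

```python
import csv
import ipaddress

# Assumed inventory: addresses of the affected LOYTEC devices (constructed).
ROUTERS = {ipaddress.ip_address(a) for a in ("10.20.0.11", "10.20.0.12")}
# Assumed allowlist: management workstation subnet (constructed).
MGMT_NETS = [ipaddress.ip_network("10.20.99.0/28")]

# Constructed flow records: time, source, destination, destination port, bytes returned.
SAMPLE_FLOWS = """\
2015-09-10T08:00:01Z,10.20.99.5,10.20.0.11,443,1840
2015-09-10T08:03:17Z,10.30.4.77,10.20.0.11,80,48211
2015-09-10T08:03:19Z,10.30.4.77,10.20.0.12,80,51902
2015-09-10T08:05:40Z,10.20.99.6,10.20.5.20,22,900
not,a,valid,record
2015-09-10T08:09:02Z,203.0.113.9,10.20.0.12,21,3300
"""

def unauthorized_router_access(flow_text, routers=ROUTERS, mgmt_nets=MGMT_NETS):
    """Return (flows reaching a router from outside the allowlist, unparsed record count)."""
    findings, skipped = [], 0
    for row in csv.reader(flow_text.splitlines()):
        try:
            ts, src, dst, dport, nbytes = row
            src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            dport, nbytes = int(dport), int(nbytes)
        except ValueError:
            skipped += 1          # malformed line: count it, do not silently drop
            continue
        if dst not in routers:
            continue              # traffic not aimed at an affected device
        if any(src in net for net in mgmt_nets):
            continue              # authorized management workstation
        findings.append({"time": ts, "src": str(src), "router": str(dst),
                         "port": dport, "bytes": nbytes})
    return findings, skipped

def sources_to_block(findings):
    """Group findings by source so firewall rules and credential rotation can be scoped."""
    summary = {}
    for f in findings:
        entry = summary.setdefault(f["src"], {"routers": set(), "bytes": 0})
        entry["routers"].add(f["router"])
        entry["bytes"] += f["bytes"]
    return summary

if __name__ == "__main__":
    hits, bad = unauthorized_router_access(SAMPLE_FLOWS)
    print(sources_to_block(hits), "unparsed records:", bad)
```

Any source in the output has reached a device that serves configuration data without authentication, so credentials stored on the routers it touched should be treated as exposed and rotated.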