General Industrial Controls Lynx+ Gateway

Plan PatchCVSS 10ICS-CERT ICSA-25-317-08Nov 13, 2025

Manufacturing

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Multiple vulnerabilities (CWE-521, CWE-306, CWE-319) in General Industrial Controls Lynx+ Gateway allow unauthenticated remote attackers with network access to obtain sensitive device information, gain unauthorized access, or cause denial of service. All tested firmware versions (R08, V03, V05, V18) are affected. The vulnerabilities stem from weak credential handling and information exposure. General Industrial Controls has not coordinated with CISA and indicates no fix is available.

What this means

What could happen

An attacker could exploit vulnerabilities in the Lynx+ Gateway to obtain sensitive device information, gain unauthorized access, or cause the gateway to stop responding. This could disrupt communication between control systems and remote monitoring, affecting production or process visibility.

Who's at risk

Manufacturing facilities operating General Industrial Controls Lynx+ Gateway devices for process monitoring and control communication are affected. This includes any environment where the Lynx+ Gateway serves as a communication bridge between control systems and remote monitoring, engineering workstations, or corporate networks.

How it could be exploited

An attacker with network access to the Lynx+ Gateway could send specially crafted requests to exploit weak credential handling or exposed device information endpoints. No authentication is required to attempt exploitation, allowing an attacker to probe and compromise the device directly from the network.

Prerequisites

Network access to the Lynx+ Gateway
The device is reachable from an untrusted network or the internet

remotely exploitableno authentication requiredlow complexityno patch availableaffects industrial gateway/control device communication

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (4)

4 pending

ProductAffected VersionsFix Status

Lynx+ Gateway: R08R08No fix yet

Lynx+ Gateway: V03V03No fix yet

Lynx+ Gateway: V05V05No fix yet

Lynx+ Gateway: V18V18No fix yet

Remediation & Mitigation

0/4

Do now

0/3

WORKAROUNDRestrict network access to Lynx+ Gateway devices to only authorized control system networks and engineering workstations using firewall rules or network segmentation

WORKAROUNDEnsure Lynx+ Gateway devices are not directly accessible from the internet; verify firewall rules block inbound access from public networks

WORKAROUNDContact General Industrial Controls directly to request technical guidance and potential security updates or workarounds

Long-term hardening

0/1

HARDENINGIf remote access to Lynx+ Gateway is required, implement VPN with current security patches and strong authentication to limit exposure

CVEs (4)

CVE-2025-55034 CVE-2025-58083 CVE-2025-59780 CVE-2025-62765

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/a9c47b3f-d4c9-4fc0-b906-403ccc25ddda

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.