CVE-2025-55034 | THREATINT

Description

General Industrial Controls Lynx+ Gateway is vulnerable to a weak password requirement vulnerability, which may allow an attacker to execute a brute-force attack resulting in unauthorized access and login.

PUBLISHED Reserved 2025-11-06 | Published 2025-11-14 | Updated 2025-11-17 | Assigner icscert

HIGH: 8.2CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

HIGH: 8.8CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-521

Product status

Default status

unaffected

Version R08

affected

Version V03

affected

Version V05

affected

Version V18

affected

Credits

Abhishek Pandey from Payatu Security Consulting Pvt. Ltd. reported these vulnerabilities to CISA. finder

References

www.cisa.gov/news-events/ics-advisories/icsa-25-317-08

github.com/...p/csaf_files/OT/white/2025/icsa-25-317-08.json

cve.org (CVE-2025-55034)

nvd.nist.gov (CVE-2025-55034)

Download JSON