CVE-2025-58083
General · General Industrial Controls Multiple Products
Executive summary
A critical vulnerability has been identified in multiple General Industrial Controls products, specifically affecting the Lynx+ Gateway. The flaw allows an unauthenticated attacker with network access to remotely reset the device by exploiting a lack of authentication on the embedded web server. Successful exploitation would result in a denial of service, leading to operational downtime and disruption of industrial processes.
Vulnerability
The embedded web server on the affected devices contains a critical authentication bypass vulnerability. A specific function, designed to reset the device, does not require any authentication credentials before execution. An attacker with network access to the device's web interface can send a specially crafted, unauthenticated HTTP request to the vulnerable endpoint, which will trigger a device reboot or factory reset, leading to a denial-of-service condition.
Business impact
This vulnerability is rated as critical severity with a CVSS score of 10, reflecting the ease of exploitation and the high impact on availability. Exploitation could lead to significant operational disruption by causing a denial of service in a critical industrial control system (ICS) component. The immediate consequences include production halts, loss of visibility into industrial processes, and potential safety risks depending on the controlled environment. The financial impact from unplanned downtime and the resources required for recovery could be substantial.
Remediation
Immediate Action: Apply the security updates provided by the vendor. Organizations should update all affected General Industrial Controls products to the latest version as per the manufacturer's instructions. After patching, review device and network access logs for unusual activity that could indicate exploitation attempts.
Proactive Monitoring: Implement enhanced monitoring for network traffic to the affected devices' web servers (typically TCP ports 80/443). Look for unexpected HTTP requests, especially those targeting administrative or reset functions, originating from untrusted network segments. Configure system logs and alerts to flag unexpected device reboots or state changes that are not associated with scheduled maintenance.
Compensating Controls: If immediate patching is not feasible, implement the following compensating controls:
- Use a firewall or Access Control Lists (ACLs) to restrict network access to the device's web interface, allowing connections only from trusted administrative workstations.
- Implement network segmentation to isolate the ICS network from corporate and external networks, preventing remote access.
- If the web server functionality is not essential for operations, consider disabling it.
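One way to implement the Proactive Monitoring guidance above, as an added example that is not part of the advisory or any vendor tooling: it flags web requests to a gateway from outside the trusted administrative range and correlates them with reboots that fall outside maintenance windows. The log formats, addresses, maintenance window and 120-second correlation gap are all constructed assumptions.

```python
"""Correlate untrusted web-interface access with unscheduled gateway reboots."""
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# All values below are constructed assumptions for illustration.
TRUSTED_ADMIN_NETS = [ip_network("10.10.5.0/28")]   # trusted admin workstations
GATEWAYS = {ip_address("10.20.0.15")}               # monitored gateway address
WEB_PORTS = {80, 443}
MAINTENANCE = [(datetime(2025, 11, 2, 1, 0), datetime(2025, 11, 2, 3, 0))]
CORRELATION = timedelta(seconds=120)                # max request-to-reboot gap
# Constructed flow log: "timestamp src dst dport method"
FLOW_LOG = """\
2025-11-02T01:15:00 10.10.5.4 10.20.0.15 443 POST
2025-11-03T09:41:07 192.168.77.23 10.20.0.15 80 POST
2025-11-03T10:02:00 10.10.5.4 10.20.0.15 443 GET
2025-11-03T14:00:00 192.168.77.23 10.20.0.99 80 GET
"""
# Constructed device event log: "timestamp device event"
DEVICE_LOG = """\
2025-11-02T01:16:10 10.20.0.15 REBOOT
2025-11-03T09:41:30 10.20.0.15 REBOOT
2025-11-04T12:00:00 10.20.0.15 REBOOT
"""

def untrusted_requests(flow_log):
    """Return (time, src, dst) for web requests to a gateway from outside the admin range."""
    hits = []
    for line in flow_log.splitlines():
        ts, src, dst, port, _method = line.split()
        src, dst = ip_address(src), ip_address(dst)
        trusted = any(src in net for net in TRUSTED_ADMIN_NETS)
        if dst in GATEWAYS and int(port) in WEB_PORTS and not trusted:
            hits.append((datetime.fromisoformat(ts), src, dst))
    return hits

def classify_reboots(device_log, hits):
    """Skip scheduled reboots; mark the rest HIGH if an untrusted request preceded them."""
    alerts = []
    for line in device_log.splitlines():
        ts, dev, event = line.split()
        when, dev = datetime.fromisoformat(ts), ip_address(dev)
        if event != "REBOOT" or any(s <= when <= e for s, e in MAINTENANCE):
            continue
        prior = [h for h in hits if h[2] == dev and timedelta(0) <= when - h[0] <= CORRELATION]
        alerts.append((ts, str(dev), "HIGH" if prior else "REVIEW", [str(h[1]) for h in prior]))
    return alerts

if __name__ == "__main__":
    print(*classify_reboots(DEVICE_LOG, untrusted_requests(FLOW_LOG)), sep="\n")
```

A REVIEW result still deserves follow-up: the reboot was unscheduled, but the flow log shows no untrusted request in the preceding window.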
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the critical severity (CVSS 10) of this vulnerability and its potential to cause significant operational disruption, it is imperative that organizations prioritize the immediate application of the vendor-supplied patch. Although this CVE is not currently listed in the CISA KEV catalog, its characteristics make it a prime candidate for future inclusion and an attractive target for attackers. If patching cannot be performed immediately, the compensating controls listed above should be implemented without delay to reduce the attack surface and mitigate risk.