CVE-2025-59780
General · General Industrial Controls Lynx+ Gateway
Executive summary
A critical authentication vulnerability has been discovered in the General Industrial Controls Lynx+ Gateway. This flaw allows an unauthenticated attacker with network access to retrieve sensitive device information, potentially exposing critical operational data and aiding in further attacks against industrial control systems.
Vulnerability
The embedded web server on the General Industrial Controls Lynx+ Gateway lacks proper authentication controls for certain functions. An unauthenticated attacker with network access to the device can send specially crafted HTTP GET requests to specific API endpoints. Because no authentication is required, the server will process these requests and respond with sensitive device information, which may include configuration settings, network details, device status, and other operational data.
Business impact
This vulnerability is rated as High severity with a CVSS score of 7.5. Exploitation could lead to a significant breach of operational intelligence. The exposed information provides a clear roadmap for attackers to conduct reconnaissance, understand the operational technology (OT) environment, and plan more sophisticated and disruptive attacks. For an organization, this could result in unauthorized access to critical infrastructure controls, process manipulation, production downtime, and theft of proprietary information.
Remediation
Immediate Action: Apply the security updates provided by General Industrial Controls to all affected Lynx+ Gateway devices. After patching, review web server access logs for any anomalous or unauthorized GET requests that may have occurred prior to the update.
Proactive Monitoring: Security teams should configure network monitoring to detect and alert on unusual patterns of HTTP GET requests targeting the Lynx+ Gateway devices. Specifically, monitor for a high volume of requests from non-administrative IP addresses or requests targeting known sensitive URLs or API endpoints on the device.
Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce the risk of exploitation:
- Use a firewall or network access control lists (ACLs) to restrict access to the device's web interface (typically on ports 80/443) to a limited set of trusted administrative workstations.
- Ensure the affected devices are not exposed directly to the internet and are properly segmented from the corporate IT network.
- Deploy an Intrusion Detection/Prevention System (IDS/IPS) with signatures capable of identifying and blocking exploitation attempts against this vulnerability.
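The log review and monitoring steps above can be scripted. The following is an added example, not vendor or advisory code: it flags GET requests to the gateway from sources outside an administrative allowlist, by sensitive path and by volume. The admin subnet, the path prefixes (placeholders, since the advisory does not name the endpoints), the threshold and the Common Log Format input are all assumptions.

```python
import ipaddress
import re
from collections import Counter

# Assumptions, not from the advisory: replace with site-specific values.
ADMIN_NETS = [ipaddress.ip_network("10.20.0.0/28")]       # trusted admin workstations
SENSITIVE_PREFIXES = ("/api/PLACEHOLDER-config", "/api/PLACEHOLDER-status")
VOLUME_THRESHOLD = 3                                       # GETs per source per log window

# Common Log Format, e.g. from a reverse proxy or capture in front of the gateway.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def is_admin(source):
    """True only if the source parses as an IP inside an allowlisted network."""
    try:
        addr = ipaddress.ip_address(source)
    except ValueError:          # hostname or garbage: never treat as trusted
        return False
    return any(addr in net for net in ADMIN_NETS)

def review(lines):
    """Return (reason, source, detail) findings for GETs from non-admin sources."""
    findings, counts = [], Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "GET" or is_admin(m["ip"]):
            continue
        counts[m["ip"]] += 1
        if m["path"].startswith(SENSITIVE_PREFIXES):
            # Keep the status: 200 means data was returned, 401/403 means it was refused.
            findings.append(("sensitive-path", m["ip"], f'{m["path"]} {m["status"]}'))
    for source, n in counts.items():
        if n >= VOLUME_THRESHOLD:
            findings.append(("high-volume", source, f"{n} GETs"))
    return findings

# Constructed sample lines for illustration; not real traffic.
SAMPLE_LOG = [
    '10.20.0.5 - - [01/Jan/2025:08:01:02 +0000] "GET /api/PLACEHOLDER-config HTTP/1.1" 200 512',
    '10.30.4.17 - - [01/Jan/2025:08:02:10 +0000] "GET /api/PLACEHOLDER-config HTTP/1.1" 200 512',
    '10.30.4.17 - - [01/Jan/2025:08:02:11 +0000] "GET /api/PLACEHOLDER-status HTTP/1.1" 200 300',
    '10.30.4.17 - - [01/Jan/2025:08:02:12 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '10.30.9.2 - - [01/Jan/2025:08:05:00 +0000] "POST /login HTTP/1.1" 302 0',
    '10.30.9.2 - - [01/Jan/2025:08:05:30 +0000] "GET /api/PLACEHOLDER-config HTTP/1.1" 401 0',
]

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(*finding, sep="\t")
```

Findings with status 200 dated before the patch was applied are the ones to prioritise, since those responses returned data without authentication.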
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the High severity rating and its impact on a critical industrial control system component, this vulnerability requires immediate attention. The lack of authentication makes it an easy target for any attacker who has gained initial access to the OT network. Although CVE-2025-59780 is not currently listed on the CISA KEV catalog, its potential to facilitate disruption of critical infrastructure warrants a high-priority response. We strongly recommend that organizations apply the vendor-supplied patches immediately or implement the suggested compensating controls without delay to mitigate this significant risk.