A high-severity vulnerability has been identified in the General Industrial Controls Lynx+ Gateway, which transmits sensitive data, including user credentials, in cleartext over the network. An attacker with access to the network traffic can intercept these credentials to gain unauthorized access to the industrial control system. This could lead to operational disruption, system manipulation, and potential safety incidents.

The device is vulnerable to Cleartext Transmission of Sensitive Information. The Lynx+ Gateway fails to encrypt network traffic for certain communications, including authentication sessions. An attacker positioned on the same local network (e.g., through a compromised device or physical access) can perform a Man-in-the-Middle (MitM) attack or use a network packet sniffing tool to capture and read the unencrypted data packets. This allows the direct observation of sensitive information, most critically usernames and passwords, as they are transmitted.

This vulnerability is rated as High severity with a CVSS score of 7.5. Successful exploitation could have a significant negative impact on business operations. An attacker who obtains credentials could gain administrative access to the industrial control gateway, potentially leading to unauthorized configuration changes, denial of service, or manipulation of physical processes controlled by the system. Specific risks include operational downtime, loss of control over industrial equipment, theft of proprietary operational data, and potential physical safety hazards for personnel and the environment.

Immediate Action: Apply vendor-supplied security updates to the affected General Industrial Controls Lynx+ Gateway devices immediately. After patching, review all system and access logs for any unusual or unauthorized login activity that may have occurred prior to remediation.

Proactive Monitoring: Implement enhanced monitoring of network traffic to and from the affected gateways. Security teams should look for signs of network sniffing, such as ARP spoofing, and monitor device logs for multiple failed login attempts followed by a successful one, especially from unfamiliar IP addresses.

Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce risk:

• Isolate the Lynx+ Gateway on a segmented network with strict access control lists (ACLs) to limit network visibility and access to only authorized personnel and systems.
• Enforce the use of a secure, encrypted channel (e.g., a VPN) for all remote and administrative access to the network segment where the device resides.
• Implement an Intrusion Detection System (IDS) on the network to detect and alert on potential sniffing or MitM attacks.

Public Exploit Available: false

Given the high CVSS score and the critical role of the affected device in an industrial environment, this vulnerability presents a significant risk. Although it is not currently listed on the CISA KEV catalog, organizations must prioritize the immediate application of vendor-supplied security updates across all affected assets. If patching must be delayed for operational reasons, the compensating controls listed above should be implemented as a matter of urgency to mitigate the risk of credential theft and unauthorized system access.