CVE-2023-46380: n/a in n/a

High
Published: Sat Nov 04 2023 (11/04/2023, 00:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) send password-change requests via cleartext HTTP.

AI-Powered Analysis

Last updated: 07/02/2025, 02:57:08 UTC

Technical Analysis

CVE-2023-46380 is a high-severity vulnerability affecting multiple LOYTEC devices, specifically the LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, and L-INX Configurator devices across all versions. The core issue is that these devices transmit password-change requests over unencrypted HTTP connections, exposing sensitive credentials to interception by attackers. This vulnerability is classified under CWE-319, which pertains to the cleartext transmission of sensitive information. Because the password-change requests are sent in cleartext, any attacker with network access, such as on the same local network or via compromised network infrastructure, can perform passive eavesdropping to capture these credentials.

The CVSS 3.1 base score is 7.5, indicating a high severity level. The vector string (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) shows that the attack can be performed remotely over the network without authentication or user interaction, and the impact is primarily on confidentiality, with no direct impact on integrity or availability.

No known exploits are currently reported in the wild, but the ease of exploitation and the sensitivity of the data transmitted make this a significant risk. The lack of available patches or vendor-provided mitigations at the time of publication increases the urgency for organizations to implement compensating controls. These devices are typically used in building automation and control systems, which are critical infrastructure components in many commercial and industrial environments.

Potential Impact

For European organizations, this vulnerability poses a substantial risk to the confidentiality of credentials used in building automation systems. Successful interception of password-change requests could allow attackers to gain unauthorized access to these devices, potentially leading to further compromise of building management systems, unauthorized control of HVAC, lighting, or security systems, and subsequent operational disruptions or safety hazards. Given the increasing integration of building automation with IT networks, attackers could leverage this foothold to pivot into broader enterprise networks. The exposure of credentials in cleartext also increases the risk of credential reuse attacks if the same passwords are used elsewhere. This vulnerability is particularly concerning for organizations in sectors such as critical infrastructure, manufacturing, healthcare, and large commercial real estate, where building automation systems are integral to daily operations and safety.

Mitigation Recommendations

Immediate mitigation should focus on network-level protections since no patches are currently available. Organizations should implement network segmentation to isolate LOYTEC devices from general IT networks and restrict access to trusted management stations only. Deploying network monitoring and intrusion detection systems to identify suspicious traffic patterns related to these devices is recommended. Use of VPNs or secure tunnels (e.g., IPsec) to encrypt management traffic can compensate for the lack of encryption in the device communication. Additionally, organizations should enforce strong password policies and consider changing passwords frequently to limit the window of exposure. Where possible, disable remote management interfaces or restrict them to secure management VLANs. Engaging with LOYTEC for updates or firmware patches is essential, and organizations should monitor for vendor advisories. Finally, conducting regular security assessments of building automation networks will help identify and remediate similar risks.

Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2023-10-23T00:00:00.000Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d983ac4522896dcbed0f4

Added to database: 5/21/2025, 9:09:14 AM

Last enriched: 7/2/2025, 2:57:08 AM

Last updated: 7/30/2025, 12:17:55 PM
