CVE-2025-55034

Summary

General Industrial Controls Lynx+ Gateway is vulnerable to a weak password requirement vulnerability, which may allow an attacker to execute a brute-force attack resulting in unauthorized access and login.

Affected Software

VendorProductVersion RangeStatus
General Industrial ControlsLynx+ GatewayVersion R08affected
General Industrial ControlsLynx+ GatewayVersion V03affected
General Industrial ControlsLynx+ GatewayVersion V05affected
General Industrial ControlsLynx+ GatewayVersion V18affected

Weaknesses

  • CWE-521: CWE-521

Workarounds

General Industrial Controls (GIC) did not respond to CISA's attempts to coordinate. Users of General Industrial Controls Lynx+ Gateway are encouraged to reach out to GIC for more information.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References