CVE-2025-58083

Summary

General Industrial Controls Lynx+ Gateway  is missing critical authentication in the embedded web server which could allow an attacker to remotely reset the device.

Affected Software

VendorProductVersion RangeStatus
General Industrial ControlsLynx+ GatewayVersion R08affected
General Industrial ControlsLynx+ GatewayVersion V03affected
General Industrial ControlsLynx+ GatewayVersion V05affected
General Industrial ControlsLynx+ GatewayVersion V18affected

Weaknesses

  • CWE-306: CWE-306

Workarounds

General Industrial Controls (GIC) did not respond to CISA's attempts to coordinate. Users of General Industrial Controls Lynx+ Gateway are encouraged to reach out to GIC for more information.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References