CVE-2025-59780

Summary

General Industrial Controls Lynx+ Gateway is missing critical authentication in the embedded web server which could allow an attacker to send GET requests to obtain sensitive device information.

Affected Software

VendorProductVersion RangeStatus
General Industrial ControlsLynx+ GatewayVersion R08affected
General Industrial ControlsLynx+ GatewayVersion V03affected
General Industrial ControlsLynx+ GatewayVersion V05affected
General Industrial ControlsLynx+ GatewayVersion V18affected

Weaknesses

  • CWE-306: CWE-306

Workarounds

General Industrial Controls (GIC) did not respond to CISA's attempts to coordinate. Users of General Industrial Controls Lynx+ Gateway are encouraged to reach out to GIC for more information.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References