General Industrial Controls Lynx+ Gateway Missing Authentication for Critical Function

10 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Description

General Industrial Controls Lynx+ Gateway
is missing critical authentication in the embedded web server which could allow an attacker to remotely reset the device.

AI Analysis

Missing critical authentication in the embedded web server could allow an attacker to remotely reset the device.

Basic Information

ID CVE-2025-58083

Source icscert

Published Nov 14, 2025 at 23:24

Affected Product

Vendor General Industrial Controls

Product Lynx+ Gateway

Version Version R08

Affected Versions General Industrial Controls Lynx+ Gateway Version R08
General Industrial Controls Lynx+ Gateway Version V03
General Industrial Controls Lynx+ Gateway Version V05
General Industrial Controls Lynx+ Gateway Version V18

CWE Classification

CWE-306

AI Assessment

AI Score 10 / 10

AI Severity Critical

Vendor General Industrial Controls

Product Lynx+ Gateway

Version R08, V03, V05, V18

References

{
    "lastseen": "",
    "description": "General Industrial Controls Lynx+ Gateway\u00a0\n is missing critical authentication in the embedded web server which could allow an attacker to remotely reset the device.",
    "published": "2025-11-14T23:24:54.274Z",
    "modified": "2025-11-14T23:24:54.274Z",
    "type": "cve",
    "title": "General Industrial Controls Lynx+ Gateway Missing Authentication for Critical Function",
    "source": "icscert",
    "references": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-08\nhttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-317-08.json",
    "id": "CVE-2025-58083",
    "bulletinFamily": "",
    "cwe": [
        "CWE-306"
    ],
    "cvelist": null,
    "sourceData": "General Industrial Controls Lynx+ Gateway Version R08\nGeneral Industrial Controls Lynx+ Gateway Version V03\nGeneral Industrial Controls Lynx+ Gateway Version V05\nGeneral Industrial Controls Lynx+ Gateway Version V18",
    "sourceHref": "",
    "cvss": {
        "score": 10,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Lynx+ Gateway",
    "version": "Version R08",
    "vendor": "General Industrial Controls",
    "ai_description": "Missing critical authentication in the embedded web server could allow an attacker to remotely reset the device.",
    "ai_severity": "Critical",
    "ai_vendor": "General Industrial Controls",
    "ai_product": "Lynx+ Gateway",
    "ai_version": "R08, V03, V05, V18",
    "ai_score": 10
}

General Industrial Controls Lynx+ Gateway Missing Authentication for Critical Function_CVE-2025-58083