General Industrial Controls Lynx+ Gateway Missing Authentication Vulnerability Allowing Remote Device Reset
Vulnerability
The General Industrial Controls Lynx+ Gateway is missing authentication for a critical function in its embedded web server. This flaw could enable an attacker to remotely reset the device. The vulnerability is present in Lynx+ Gateway versions R08, V03, V05, and V18.
Impact
Exploitation of this vulnerability could lead to unauthorized remote resets of the device, potentially causing a denial-of-service condition by disrupting normal operations.
Remediation
General Industrial Controls (GIC) did not respond to CISA's attempts to coordinate. Users of General Industrial Controls Lynx+ Gateway are encouraged to reach out to GIC for more information.
