General Industrial Controls Lynx+ Gateway Missing Authentication Vulnerability in Embedded Web Server
Vulnerability
A vulnerability exists in the General Industrial Controls Lynx+ Gateway because its embedded web server lacks critical authentication. An attacker could exploit this flaw by sending GET requests that retrieve sensitive device information. The issue affects Lynx+ Gateway versions R08, V03, V05, and V18.
Impact
Exploitation of this vulnerability could lead to unauthorized access and the ability to obtain sensitive device information, according to CISA.
Remediation
General Industrial Controls (GIC) did not respond to CISA's attempts to coordinate. Users of General Industrial Controls Lynx+ Gateway are encouraged to reach out to GIC for more information.
