CISA Warns: Critical Lynx+ Gateway Flaw (CVSS 10.0) Allows Unauthenticated Remote Reset; Vendor Non-Responsive
Key Takeaways:
- CISA has issued an advisory for critical vulnerabilities in the Lynx+ Gateway.
- A CVSS 10.0 flaw allows unauthenticated remote reset of the device.
- Affected versions include R08, V03, V05, and V18.
- Vendor GIC is non-responsive to CISA’s coordination attempts.
- Immediate patching, network segmentation, and enhanced monitoring are crucial.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory regarding multiple high-severity vulnerabilities affecting the Lynx+ Gateway manufactured by General Industrial Controls (GIC). The most critical of these flaws, with a CVSS score of 10.0, allows unauthenticated remote reset of the device. This post examines the details of the vulnerabilities and their potential impact.
Critical Lynx+ Gateway Flaw: Unauthenticated Remote Reset

According to the CISA alert, successful exploitation of these vulnerabilities could lead to obtaining sensitive device information, unauthorized access, or creating a denial-of-service condition. The vulnerabilities include weak password requirements, missing authentication mechanisms in critical functions, and cleartext transmission of sensitive information.
CISA’s advisory outlines four distinct vulnerabilities, each assigned its own CVE identifier:
- Weak Password Requirement – CVE-2025-55034 (CVSS 8.2): The product includes inadequate password requirements, creating exposure to brute-force attacks. The advisory states that the flaw may allow an attacker to execute a brute-force attack resulting in unauthorized access and login.
- Missing Authentication for Critical Function – CVE-2025-58083 (CVSS 10.0): This is the most severe issue identified. CISA warns that the affected product is missing critical authentication in the embedded web server which could allow an attacker to remotely reset the device. A CVSS score of 10.0 reflects the ease of exploitation and potential operational impact.
- Missing Authentication for Sensitive Data Retrieval – CVE-2025-59780 (CVSS 7.5): Another authentication flaw enables remote attackers to access sensitive data. According to CISA, the web server weakness could allow an attacker to send GET requests to obtain sensitive device information.
- Cleartext Transmission of Sensitive Information – CVE-2025-62765 (CVSS 7.5): The Lynx+ Gateway also transmits sensitive information, including credentials, without encryption. CISA notes a cleartext transmission vulnerability that could allow an attacker to observe network traffic to obtain sensitive information, including plaintext credentials.
Together, these flaws create a high-risk scenario where attackers could steal credentials, reset devices, access internal information, or disrupt operations.
CISA confirms the following versions of the Lynx+ Gateway are impacted: R08, V03, V05, and V18.
These devices are commonly deployed across industrial and operational technology environments. Organizations relying on Lynx+ for connectivity or control should consider this advisory with urgency.
CISA reports that General Industrial Controls (GIC) did not respond to CISA’s attempts to coordinate.
Practical Takeaways
Technical Readers
- Patch Management: Verify the Lynx+ Gateway firmware version and apply updates immediately if using an affected version.
- Network Segmentation: Isolate Lynx+ Gateway devices from direct internet exposure. Implement network segmentation to limit the blast radius of a potential compromise. Consider using network security monitoring tools for breach detection.
- Password Policies: Even though the device itself has weak password requirements, implement strong password policies at the network level to mitigate brute-force attacks.
- Traffic Monitoring: Implement a dark web monitoring service to identify potential credential leaks related to Lynx+ Gateway deployments.
- Real-time Ransomware Intelligence: Monitor for indicators of compromise (IOCs) related to exploits targeting these vulnerabilities to proactively defend against potential attacks; these can be found on a cyber threat intelligence platform.
- Vulnerability Scanning: Regularly scan the network for vulnerable Lynx+ Gateway devices.
- Supply-chain risk monitoring: Consider the risk introduced to your network by third-party devices.
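The version check and segmentation review above can be combined into one audit, shown here as an added example that comes from neither the CISA advisory nor PurpleOps. It flags flows that reach an affected gateway from outside the management subnet; the CSV column names, addresses, subnets and the unaffected version "V20" are constructed assumptions.

```python
import csv
import io
import ipaddress

# Affected versions as listed in the advisory summary above.
AFFECTED_VERSIONS = {"R08", "V03", "V05", "V18"}
# Assumed site layout: one management subnet inside 10.0.0.0/8.
MGMT_NETS = [ipaddress.ip_network("10.20.9.0/24")]
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed inventory export; "V20" is an invented unaffected version.
INVENTORY_CSV = """name,ip,version
pump-gw-1,10.20.0.11,V05
pump-gw-2,10.20.0.12,V20
line-gw-3,10.20.0.13,r08
"""
# Constructed flow records (source, destination, destination port).
FLOWS_CSV = """src,dst,dst_port
10.20.9.5,10.20.0.11,80
10.30.4.77,10.20.0.11,80
203.0.113.40,10.20.0.13,80
10.30.4.77,10.20.0.12,80
10.20.9.6,10.20.0.13,443
"""

def affected_gateways(inventory_csv):
    """Map IP -> name for every gateway running an affected version."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {ipaddress.ip_address(r["ip"]): r["name"] for r in rows
            if r["version"].strip().upper() in AFFECTED_VERSIONS}

def segmentation_findings(inventory_csv, flows_csv):
    """List flows reaching an affected gateway from outside MGMT_NETS."""
    targets = affected_gateways(inventory_csv)
    findings = []
    for f in csv.DictReader(io.StringIO(flows_csv)):
        src = ipaddress.ip_address(f["src"])
        dst = ipaddress.ip_address(f["dst"])
        if dst not in targets or any(src in n for n in MGMT_NETS):
            continue
        inside = any(src in n for n in INTERNAL_NETS)
        findings.append((targets[dst], str(src), int(f["dst_port"]),
                         "cross-segment" if inside else "external"))
    return findings

if __name__ == "__main__":
    for finding in segmentation_findings(INVENTORY_CSV, FLOWS_CSV):
        print(finding)
```

Because the reset and data-retrieval flaws require no authentication, every finding is a path along which they are reachable; "external" findings indicate direct exposure beyond the internal network.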
Non-Technical Readers
- Asset Inventory: Maintain an accurate inventory of all Lynx+ Gateway devices on the network.
- Risk Assessment: Evaluate the potential impact of a successful exploit on business operations.
- Vendor Communication: Attempt to contact GIC for information on remediation plans and firmware updates.
- Incident Response Plan: Ensure the incident response plan covers scenarios involving compromised industrial control systems.
- Employee Training: Educate employees about the risks of weak passwords and social engineering attacks.
Relevance to PurpleOps Services
PurpleOps offers services that can help organizations address the risks associated with vulnerabilities like those found in the Lynx+ Gateway:
- Cyber Threat Intelligence: PurpleOps provides cyber threat intelligence platform services that gather and analyze data from various sources, including the dark web and underground forums, to identify potential threats targeting specific devices or industries. This includes underground forum intelligence and Telegram threat monitoring, which can help identify discussions related to the exploitation of these vulnerabilities. Our platform offers brand leak alerting capabilities, which provide an early warning of potential issues.
- Vulnerability Management: PurpleOps’ vulnerability management service helps organizations identify and prioritize vulnerabilities in their systems, including industrial control systems. This includes continuous supply-chain risk monitoring to assess the security posture of third-party devices and software.
- Penetration Testing: PurpleOps offers penetration testing services to simulate real-world attacks and identify weaknesses in network security and device configurations.
- Red Team Operations: Our red team operations can simulate advanced attack scenarios to test an organization’s ability to detect and respond to sophisticated threats targeting critical infrastructure.
- Breach Detection: PurpleOps specializes in breach detection services, utilizing advanced analytics and threat intelligence to identify and respond to security incidents in real-time.
- Incident Response: PurpleOps provides incident response services to help organizations contain, eradicate, and recover from cyberattacks.
- Protect Ransomware: PurpleOps also offers a protect ransomware service to identify and protect the weaknesses that ransomware groups are likely to exploit. Our live ransomware API keeps your defenses updated.
By leveraging these services, organizations can enhance their security posture and protect against the exploitation of critical vulnerabilities in industrial control systems and other critical infrastructure components.
To learn more about how PurpleOps can help your organization address these risks, please visit PurpleOps Services or contact us for a consultation.
FAQ
Q: What is the CVSS score of the most critical vulnerability?
A: The CVSS score is 10.0, indicating maximum severity.
Q: Which Lynx+ Gateway versions are affected?
A: Versions R08, V03, V05, and V18 are confirmed to be affected.
Q: What should I do if I have an affected device?
A: Immediately apply available patches, isolate the device, and monitor network traffic.