i-GEN opLYNX Central Authentication Bypass

CVE-2012-4688

The i-GEN opLYNX Central system provides an interface for remote connections. Publicly available tools to disable Javascript can be used to bypass authentication on the opLYNX Central interface. This allows a user to access configuration settings and other information.

http://www.us-cert.gov/control_systems/pdf/ICSA-12-362-01.pdf

http://xforce.iss.net/xforce/xfdb/80859

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4688

https://nvd.nist.gov/vuln/detail/CVE-2012-4688

CWE-592: Authentication Bypass Issues, http://cwe.mitre.org/data/definitions/592

A CVSS v2 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Anthony Cicalla