{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1633", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2026-01-29T16:19:22.805Z", "datePublished": "2026-02-03T23:02:58.208Z", "dateUpdated": "2026-02-04T20:18:22.726Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "LAN 232 TRIO", "vendor": "Synectix", "versions": [{"status": "affected", "version": "All versions"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Souvik Kandar of MicroSec reported this vulnerability to CISA"}], "datePublic": "2026-02-03T19:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The Synectix LAN 232 TRIO 3-Port serial to ethernet adapter exposes its web management interface without requiring authentication, allowing unauthenticated users to modify critical device settings or factory reset the device."}], "value": "The Synectix LAN 232 TRIO 3-Port serial to ethernet adapter exposes its web management interface without requiring authentication, allowing unauthenticated users to modify critical device settings or factory reset the device."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 10, "baseSeverity": "CRITICAL", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2026-02-03T23:02:58.208Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-034-04"}, {"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-034-04.json"}], "source": {"advisory": "ICSA-26-034-04", "discovery": "EXTERNAL"}, "title": "Synectix LAN 232 TRIO Missing Authentication for Critical Function", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The affected products should be considered end-of-life, as Synectix is \nno longer in business and therefore firmware fixes, mitigations and \nupdates will be unavailable.\n\n<br>"}], "value": "The affected products should be considered end-of-life, as Synectix is \nno longer in business and therefore firmware fixes, mitigations and \nupdates will be unavailable."}], "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-04T20:18:17.025677Z", "id": "CVE-2026-1633", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-04T20:18:22.726Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1633", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-04T20:18:17.025677Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-04T20:18:19.933Z"}}], "cna": {"title": "Synectix LAN 232 TRIO Missing Authentication for Critical Function", "source": {"advisory": "ICSA-26-034-04", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Souvik Kandar of MicroSec reported this vulnerability to CISA"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 10, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 10, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Synectix", "product": "LAN 232 TRIO", "versions": [{"status": "affected", "version": "All versions"}], "defaultStatus": "unaffected"}], "datePublic": "2026-02-03T19:00:00.000Z", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-034-04"}, {"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-034-04.json"}], "workarounds": [{"lang": "en", "value": "The affected products should be considered end-of-life, as Synectix is \nno longer in business and therefore firmware fixes, mitigations and \nupdates will be unavailable.", "supportingMedia": [{"type": "text/html", "value": "The affected products should be considered end-of-life, as Synectix is \nno longer in business and therefore firmware fixes, mitigations and \nupdates will be unavailable.\n\n<br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "The Synectix LAN 232 TRIO 3-Port serial to ethernet adapter exposes its web management interface without requiring authentication, allowing unauthenticated users to modify critical device settings or factory reset the device.", "supportingMedia": [{"type": "text/html", "value": "The Synectix LAN 232 TRIO 3-Port serial to ethernet adapter exposes its web management interface without requiring authentication, allowing unauthenticated users to modify critical device settings or factory reset the device.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2026-02-03T23:02:58.208Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1633", "state": "PUBLISHED", "dateUpdated": "2026-02-04T20:18:22.726Z", "dateReserved": "2026-01-29T16:19:22.805Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2026-02-03T23:02:58.208Z", "assignerShortName": "icscert"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Synectix LAN 232 TRIO 3-Port serial to ethernet adapter exposes its web management interface without requiring authentication, allowing unauthenticated users to modify critical device settings or factory reset the device."}, {"lang": "es", "value": "El adaptador serie a ethernet Synectix LAN 232 TRIO de 3 puertos expone su interfaz de gesti\u00f3n web sin requerir autenticaci\u00f3n, permitiendo a usuarios no autenticados modificar configuraciones cr\u00edticas del dispositivo o restablecer el dispositivo a la configuraci\u00f3n de f\u00e1brica."}], "id": "CVE-2026-1633", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2026-02-04T00:16:08.557", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-034-04.json"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-034-04"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T14:07:23.913062+00:00", "value": {"mitigation_remediation": ["Discontinue use of the Synectix LAN 232 TRIO device and remove it from the network or place it behind a firewall that blocks all inbound traffic to ports 80 and 443.", "Replace the device with a supported serial\u2011to\u2011Ethernet adapter that enforces authenticated management access.", "If replacement is not immediately feasible, isolate the device by configuring network segmentation or ACLs to restrict management access to a trusted management subnet only.", "The CNA workaround indicates the device is end\u2011of\u2011life and no firmware updates will be provided; plan for replacement as a permanent fix."], "summary": {"action": "Replace Device", "impact": "Unauthenticated Remote Configuration"}, "threat_synthesis": {"affected_systems": "The affected product is Synectix LAN 232 TRIO. No specific firmware versions are listed, and the manufacturer is no longer in business. The product is effectively end\u2011of\u2011life and no firmware updates will be released. The official CNA workaround indicates the device is end\u2011of\u2011life and no firmware fixes will be available.", "description_and_impact": "The Synectix LAN 232 TRIO 3\u2011Port serial to Ethernet adapter lacks authentication for its web management interface, allowing any user with network access to alter critical device settings or perform factory resets. This unfettered access can lead to unauthorized configuration changes, service disruption, and loss of device integrity. The vulnerability corresponds to CWE\u2011306, highlighting a missing authentication weakness.", "risk_and_exploitability": "The CVSS base score of 10 indicates a critical impact if exploited. EPSS is reported as less than 1\u202f%, suggesting a low current exploit probability, but the absence of vendor remediation means the risk remains high. The device is not listed in CISA\u2019s Known Exploited Vulnerabilities catalog, yet the lack of authentication makes it a prime candidate for attackers who can reach the device\u2019s management interface over the network. Because Synectix is no longer in business and no firmware updates are available, the risk persists without a vendor patch, making replacement the only viable long\u2011term solution."}}}}, "created": "2026-02-04T12:05:57.122479+00:00", "updated": "2026-04-18T14:15:04.129540+00:00", "vendors": ["synectix", "synectix$PRODUCT$lan_232_trio"]}