LOYTEC A.I CyberSecurity Scoring
LOYTEC
Company Information
Website:https://www.loytec.com
Employees number:76
Number of followers:3,710
NAICS:335
Industry Type:Appliances, Electrical, and Electronics Manufacturing
Homepage:loytec.com
LOYTEC Risk Score (AI oriented)
Between 700 and 749
LOYTECAppliances, Electrical, and Electronics Manufacturing
Updated:
10/04/2026
10/04/2026
749/1000
Moderate
Ba
LOYTEC Global Score (TPRM)
xxxx
LOYTECAppliances, Electrical, and Electronics Manufacturing
Score locked

LOYTECModerate
Current Score
749Ba (MODERATE)
01000
1 incidents
0 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
750
JUNE 2026
750
MAY 2026
750
APRIL 2026
749
MARCH 2026
749
FEBRUARY 2026
747
Vulnerability
01 Feb 2026 • LOYTEC
Loytec: Claroty says CEA-852 adoption accelerates risk as building systems become exposed to critical infrastructure threats
Critical Vulnerabilities in Building Management Systems Expose Infrastructure to Cyberattacks
749
CRITICAL-2
LOY1775838976
Critical Vulnerabilities in Building Management Systems Expose Infrastructure to Cyberattacks
Research from Claroty’s Team82 reveals that the widespread adoption of the CEA-852 standard which enables legacy protocols like LonTalk to operate over IP networks has significantly expanded the attack surface for building management systems (BMS). While this shift enhances flexibility and interoperability, it also introduces severe cybersecurity risks, including unauthorized access, traffic manipulation, and remote exploitation when security controls are weak or absent.
The findings, detailed in The Risky Road Bringing Building Management Systems Online, highlight systemic vulnerabilities in smart buildings. Three-quarters of organizations using BMS are affected by known exploited vulnerabilities, with over half exposing these systems to the internet often linked to ransomware attacks. Since BMS control critical functions like HVAC, energy, and physical security, their compromise could disrupt operations or serve as a gateway for deeper infiltration into enterprise and critical infrastructure networks.
### Key Vulnerabilities in CEA-852 Implementations
The CEA-852 standard supports three variants IP-852, RNI, and LPA each differing in packet types, payload formats, and HMAC signing algorithms. While RNI and LPA share similarities, IP-852 stands apart with distinct packet structures and authentication methods.
- IP-852 packets (protocol code 0x01) include standard (vendor-neutral) and proprietary (vendor-specific) types. Standard packets handle core functions like LonTalk encapsulation and device queries, while proprietary packets used by vendors like Echelon (0x01) and Loytec (0x02) enable advanced features such as remote reboots, firmware updates, and NAT configuration.
- HMAC authentication, based on MD5 and a 16-byte pre-shared key, is used to verify packet integrity. However, many devices disable HMAC entirely or use default keys (e.g., all-zero values), making it trivial for attackers to forge valid messages.
### Exploitable Weaknesses in RNI/LPA and Loytec Devices
- RNI (0x03) and LPA (0x04) packets share identical structures but differ in response handling. Analysis of compiled libraries (e.g., libRNI.so, libLSPA.so) revealed that KEEP_ALIVE packets (type 0x00) enforce payload constraints, rejecting malformed or manipulated messages.
- HMAC recovery is possible via offline brute-force attacks using a single captured packet, even without direct interaction with the target.
- Loytec-specific packets (vendor code 0x02) contain unauthenticated reboot commands (type 0x90), allowing attackers to trigger denial-of-service (DoS) conditions by forcing controller restarts. Additionally, researchers identified methods to bypass internal security mechanisms, enabling unauthorized modification of core device configurations.
### Real-World Impact
The research underscores that insecure BMS deployments are already widespread, with many devices publicly exposed and lacking basic protections. Attackers could exploit these flaws to disrupt building operations, manipulate environmental controls, or pivot into broader network infrastructure posing risks to hospitals, data centers, and industrial facilities.
Claroty’s findings serve as a critical warning: as legacy BMS protocols transition to IP-based networks, organizations must address design weaknesses, enforce HMAC authentication, and restrict internet exposure to mitigate escalating cyber threats.
INCIDENT DETAILS -
TYPE
IMPACT
REFERENCES
JANUARY 2026
747
DECEMBER 2025
747
NOVEMBER 2025
747
OCTOBER 2025
747
SEPTEMBER 2025
747
AUGUST 2025
747
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for LOYTEC ??
What was LOYTEC's A.I Rankiteo Cyber Score in June 2026 ??
What was LOYTEC's A.I Rankiteo Cyber Score in May 2026 ??
What was LOYTEC's A.I Rankiteo Cyber Score in April 2026 ??
What was LOYTEC's A.I Rankiteo Cyber Score in March 2026 ??
What was LOYTEC's A.I Rankiteo Cyber Score in February 2026 ??
What was LOYTEC's A.I Rankiteo Cyber Score in January 2026 ??
What was LOYTEC's A.I Rankiteo Cyber Score in December 2025 ??
What was LOYTEC's A.I Rankiteo Cyber Score in November 2025 ??
What was LOYTEC's A.I Rankiteo Cyber Score in October 2025 ??
What was LOYTEC's A.I Rankiteo Cyber Score in September 2025 ??
What was LOYTEC's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on LOYTEC's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with LOYTEC ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view LOYTEC's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?