Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
LOYTEC

LOYTEC Vendor Cyber Rating & Cyber Score

loytec.com

Since 1999, LOYTEC has established itself as a leading European provider of intelligent products for building automation. Under the umbrella of building management solutions, LOYTEC offers innovative approaches for Lighting Control, Plant Control, and Room Automation, deeply committed to ESG (Environmental, Social, and Governance) principles and enhancing the well-being of individuals in the environments we serve. Innovation, Sustainability, and Human-Centric Design Through our partnership with Delta Group since April 2016, LOYTEC has been catapulted to the forefront of innovation and sustainability in the realm of building automation. Our unwavering commitment to these principles is deeply intertwined with our approach to ESG


LOYTEC A.I CyberSecurity Scoring

LOYTEC
Company Information
Website:https://www.loytec.com
Employees number:76
Number of followers:3,710
NAICS:335
Industry Type:Appliances, Electrical, and Electronics Manufacturing
Homepage:loytec.com
LOYTEC Risk Score (AI oriented)
Between 700 and 749
logo
LOYTECAppliances, Electrical, and Electronics Manufacturing
Updated:
10/04/2026
749/1000
Moderate
Ba
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
LOYTEC Global Score (TPRM)
xxxx
logo
LOYTECAppliances, Electrical, and Electronics Manufacturing
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

LOYTEC
LOYTECModerate
Current Score
749Ba (MODERATE)
01000
1 incidents
0 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
750Before Incident
JUNE 2026
750Before Incident
MAY 2026
750Before Incident
APRIL 2026
749Before Incident
MARCH 2026
749Before Incident
FEBRUARY 2026
747Before Incident
Vulnerability
01 Feb 2026LOYTEC
Loytec: Claroty says CEA-852 adoption accelerates risk as building systems become exposed to critical infrastructure threats

Critical Vulnerabilities in Building Management Systems Expose Infrastructure to Cyberattacks

749After Incident
CRITICAL-2
LOY1775838976
Critical Vulnerabilities in Building Management Systems Expose Infrastructure to Cyberattacks Research from Claroty’s Team82 reveals that the widespread adoption of the CEA-852 standard which enables legacy protocols like LonTalk to operate over IP networks has significantly expanded the attack surface for building management systems (BMS). While this shift enhances flexibility and interoperability, it also introduces severe cybersecurity risks, including unauthorized access, traffic manipulation, and remote exploitation when security controls are weak or absent. The findings, detailed in The Risky Road Bringing Building Management Systems Online, highlight systemic vulnerabilities in smart buildings. Three-quarters of organizations using BMS are affected by known exploited vulnerabilities, with over half exposing these systems to the internet often linked to ransomware attacks. Since BMS control critical functions like HVAC, energy, and physical security, their compromise could disrupt operations or serve as a gateway for deeper infiltration into enterprise and critical infrastructure networks. ### Key Vulnerabilities in CEA-852 Implementations The CEA-852 standard supports three variants IP-852, RNI, and LPA each differing in packet types, payload formats, and HMAC signing algorithms. While RNI and LPA share similarities, IP-852 stands apart with distinct packet structures and authentication methods. - IP-852 packets (protocol code 0x01) include standard (vendor-neutral) and proprietary (vendor-specific) types. Standard packets handle core functions like LonTalk encapsulation and device queries, while proprietary packets used by vendors like Echelon (0x01) and Loytec (0x02) enable advanced features such as remote reboots, firmware updates, and NAT configuration. - HMAC authentication, based on MD5 and a 16-byte pre-shared key, is used to verify packet integrity. However, many devices disable HMAC entirely or use default keys (e.g., all-zero values), making it trivial for attackers to forge valid messages. ### Exploitable Weaknesses in RNI/LPA and Loytec Devices - RNI (0x03) and LPA (0x04) packets share identical structures but differ in response handling. Analysis of compiled libraries (e.g., libRNI.so, libLSPA.so) revealed that KEEP_ALIVE packets (type 0x00) enforce payload constraints, rejecting malformed or manipulated messages. - HMAC recovery is possible via offline brute-force attacks using a single captured packet, even without direct interaction with the target. - Loytec-specific packets (vendor code 0x02) contain unauthenticated reboot commands (type 0x90), allowing attackers to trigger denial-of-service (DoS) conditions by forcing controller restarts. Additionally, researchers identified methods to bypass internal security mechanisms, enabling unauthorized modification of core device configurations. ### Real-World Impact The research underscores that insecure BMS deployments are already widespread, with many devices publicly exposed and lacking basic protections. Attackers could exploit these flaws to disrupt building operations, manipulate environmental controls, or pivot into broader network infrastructure posing risks to hospitals, data centers, and industrial facilities. Claroty’s findings serve as a critical warning: as legacy BMS protocols transition to IP-based networks, organizations must address design weaknesses, enforce HMAC authentication, and restrict internet exposure to mitigate escalating cyber threats.
INCIDENT DETAILS -
TYPE
Vulnerability DisclosureExploitation Risk
IMPACT
Building Management Systems (BMS)HVAC SystemsEnergy Management SystemsPhysical Security SystemsDisruption of Building OperationsDenial-of-Service (DoS) Conditions
JANUARY 2026
747Before Incident
DECEMBER 2025
747Before Incident
NOVEMBER 2025
747Before Incident
OCTOBER 2025
747Before Incident
SEPTEMBER 2025
747Before Incident
AUGUST 2025
747Before Incident

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for LOYTEC ?
?
What was LOYTEC's A.I Rankiteo Cyber Score in June 2026 ?
?
What was LOYTEC's A.I Rankiteo Cyber Score in May 2026 ?
?
What was LOYTEC's A.I Rankiteo Cyber Score in April 2026 ?
?
What was LOYTEC's A.I Rankiteo Cyber Score in March 2026 ?
?
What was LOYTEC's A.I Rankiteo Cyber Score in February 2026 ?
?
What was LOYTEC's A.I Rankiteo Cyber Score in January 2026 ?
?
What was LOYTEC's A.I Rankiteo Cyber Score in December 2025 ?
?
What was LOYTEC's A.I Rankiteo Cyber Score in November 2025 ?
?
What was LOYTEC's A.I Rankiteo Cyber Score in October 2025 ?
?
What was LOYTEC's A.I Rankiteo Cyber Score in September 2025 ?
?
What was LOYTEC's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on LOYTEC's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with LOYTEC ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view LOYTEC's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?