ICSA-24-023-04  ·  Published 2024-01-23

Westermo Lynx 206-F2G

CVSS 8.0 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to access the web application, inject arbitrary code, execute malicious code, obtain sensitive information, or execute a malicious request.

Remediations

  • Westermo recommends following best practices for hardening, such as restricting access, disabling unused services (attack surface reduction), etc., to mitigate the reported vulnerabilities.
  • The reported cross-site scripting vulnerabilities will be mitigated in a future report.
  • The reported cross-origin resource sharing vulnerability will be mitigated in a future report.
  • The reported code injection vulnerability will be mitigated in a future report.
  • The reported cross-site request forgery vulnerability was patched in a later WeOS4 version.

Affected Vendors

Westermo

Affected Products (2)

Westermo · Lynx Model L206-F2G1
Westermo · Lynx Firmware 4.24.

Affected Sectors

Multiple
