Severity: HIGH
Description: An attacker may be able to cause a denial-of-service condition by sending many SSH packets repeatedly.
CVSS Score: 7.5
B
No data available.
No data available.
1. Risk Assessment
The vulnerability identified as CVE-2024-32943 is a high-severity issue with a CVSS score of 7.5. It affects the Westermo L210-F2G Lynx device, specifically version 4.21.0. The vulnerability allows an attacker to cause a denial-of-service (DoS) condition by sending a high volume of SSH packets repeatedly. This can render the device unresponsive, disrupting operations that rely on its functionality.
The nature of the vulnerability lies in improper control of interaction frequency, which makes it susceptible to abuse. The attack complexity is low, and no privileges or user interaction are required, making it relatively easy to exploit. The primary impact is on availability, as the device may become inaccessible or unresponsive. There is no direct impact on confidentiality or integrity, but the disruption of services can have significant business consequences, especially in critical environments such as industrial control systems.
The likelihood of exploitation is moderate, given the low complexity and the network-based attack vector. However, the EPSS score of 0.000430000 suggests that widespread exploitation is currently unlikely. Nonetheless, the potential impact on availability makes this a high-priority issue for organizations using the affected device.
2. Potential Attack Scenarios
An attacker could exploit this vulnerability by targeting a Westermo L210-F2G Lynx device exposed to the internet or an internal network. The attack vector involves sending a flood of SSH packets to the device, overwhelming its capacity to process legitimate requests. This could be achieved using automated tools or scripts designed to generate high volumes of SSH traffic.
The attack process begins with the attacker identifying the target device, either through network scanning or prior reconnaissance. Once the device is located, the attacker initiates the SSH packet flood, causing the device to exhaust its resources and become unresponsive. The potential outcomes include disruption of critical operations, loss of connectivity, and downtime for systems dependent on the device. In industrial environments, this could lead to production delays, safety risks, or financial losses.
3. Mitigation Recommendations
To mitigate this vulnerability, immediate action is required. Westermo has provided specific recommendations:
- Disable HTTP access to the WebGUI and use HTTPS instead to secure credentials and session IDs.
- Disable access to the device's WebGUI on external communication interfaces to reduce the attack surface.
- Limit access to the device's CLI on external communication interfaces to prevent SSH-based DoS attacks.
- For devices in production environments, consider disabling the WebGUI entirely if it is not required for operations.
Additionally, organizations should monitor for updates from Westermo and apply any patches or firmware updates as soon as they become available. Implementing network segmentation and restricting access to the device to trusted IP addresses can further reduce the risk of exploitation.
For more details, refer to the CISA advisory at https://www.cisa.gov/news-events/ics-advisories/icsa-24-172-03.
4. Executive Summary
CVE-2024-32943 is a high-severity vulnerability affecting the Westermo L210-F2G Lynx device, version 4.21.0. It allows attackers to cause a denial-of-service condition by flooding the device with SSH packets, potentially disrupting critical operations. The vulnerability is easy to exploit, requiring no privileges or user interaction, and poses a significant risk to availability.
While there is no direct impact on confidentiality or integrity, the disruption of services can have serious business consequences, particularly in industrial environments. Immediate mitigation steps include disabling HTTP access, restricting WebGUI and CLI access, and applying updates as they become available.
Organizations using the affected device should prioritize addressing this vulnerability to prevent potential operational disruptions and associated financial or safety risks. Proactive measures, such as network segmentation and access controls, can further reduce the likelihood of exploitation.
Severity: HIGH
Description: An attacker may be able to cause a denial-of-service condition by sending many packets repeatedly.
CVSS Score: 7.5
B
No data available.
No data available.
1. Risk Assessment
The vulnerability identified as CVE-2024-35246 poses a significant risk due to its high CVSS score of 7.5. This vulnerability affects the Westermo L210-F2G Lynx device, specifically version 4.21.0, and is categorized as a denial-of-service (DoS) issue. The nature of the vulnerability allows an attacker to exploit it remotely without requiring any privileges or user interaction, making it highly accessible. The primary impact is on availability, as the attacker can disrupt services by sending a high volume of packets repeatedly, potentially rendering the device unresponsive. While there is no impact on confidentiality or integrity, the disruption of services can lead to operational downtime, financial losses, and reputational damage for organizations relying on the affected device. The likelihood of exploitation is moderate, given the low attack complexity and the absence of prerequisites for an attack. However, the EPSS score of 0.000430000 suggests that widespread exploitation is currently unlikely.
2. Potential Attack Scenarios
One potential attack scenario involves an attacker leveraging the vulnerability to launch a distributed denial-of-service (DDoS) attack. The attacker would first identify the target device, which is accessible over the network. Using automated tools, the attacker would then send a flood of packets to the device, overwhelming its processing capabilities. This could cause the device to become unresponsive, disrupting critical operations that depend on it. For example, if the device is used in an industrial control system (ICS) environment, the attack could halt production lines, leading to significant operational and financial consequences. The attack process is straightforward, requiring minimal technical expertise, and the outcome would be a prolonged service outage until the device is manually reset or the attack ceases.
3. Mitigation Recommendations
To mitigate the risk posed by CVE-2024-35246, organizations should take the following actions:
- Immediately update the affected device to a patched version if available. Monitor Westermo's official communications for updates and patches.
- Disable HTTP access to the WebGUI and enforce HTTPS to secure credentials and session IDs, as recommended by Westermo.
- Limit access to the device's WebGUI and CLI on external communication interfaces to reduce the attack surface.
- Implement network-level protections such as firewalls and intrusion detection/prevention systems (IDS/IPS) to filter out malicious traffic targeting the device.
- Regularly monitor network traffic for unusual patterns that may indicate an ongoing attack.
For further guidance, refer to the CISA advisory at https://www.cisa.gov/news-events/ics-advisories/icsa-24-172-03.
4. Executive Summary
CVE-2024-35246 is a high-severity vulnerability affecting the Westermo L210-F2G Lynx device, version 4.21.0. It allows remote attackers to cause a denial-of-service condition by overwhelming the device with repeated packets, leading to operational disruptions. While there is no impact on data confidentiality or integrity, the potential for service outages poses significant business risks, including financial losses and reputational damage. The vulnerability is relatively easy to exploit, though widespread exploitation is currently unlikely. Immediate actions, such as applying patches, disabling HTTP access, and restricting external access to the device, are critical to mitigating this risk. Organizations should prioritize these measures to safeguard their operations and ensure business continuity.
Severity: MEDIUM
Description: Plain text credentials and session ID can be captured with a network sniffer.
CVSS Score: 5.7
D
No data available.
No data available.
1. Risk Assessment
The vulnerability CVE-2024-37183 involves the cleartext transmission of sensitive information, specifically plain text credentials and session IDs, which can be captured using a network sniffer. This poses a significant risk to confidentiality, as attackers with access to the adjacent network can intercept and misuse this data. The CVSS score of 5.7 (MEDIUM) reflects the moderate risk level, with a high impact on confidentiality but no impact on integrity or availability. The attack vector is adjacent network (AV:A), meaning exploitation requires proximity to the target network, and user interaction is required (UI:R), making exploitation slightly more challenging. However, the low attack complexity (AC:L) and no privileges required (PR:N) make this vulnerability relatively easy to exploit if an attacker gains access to the network. The business impact includes potential unauthorized access to sensitive systems, data breaches, and reputational damage.
2. Potential Attack Scenarios
An attacker could exploit this vulnerability by deploying a network sniffer on an adjacent network segment where the Westermo L210-F2G Lynx device is operational. Once the attacker captures the plain text credentials and session IDs transmitted over HTTP, they can use this information to impersonate legitimate users, gain unauthorized access to the device's WebGUI, and potentially manipulate configurations or extract sensitive data. For example, an attacker in a corporate environment could intercept credentials during a legitimate user's login attempt, use the captured session ID to hijack the session, and escalate privileges to disrupt operations or exfiltrate critical information. The outcome could include operational downtime, data theft, or further exploitation of the compromised device.
3. Mitigation Recommendations
To mitigate this vulnerability, Westermo recommends disabling HTTP access to the WebGUI and using HTTPS instead to encrypt sensitive data in transit. This change will prevent attackers from capturing plain text credentials and session IDs. Additionally, organizations should disable access to the WebGUI on external communication interfaces to reduce the attack surface. For devices in production environments, consider disabling the WebGUI entirely if it is not required. Limiting access to the device's CLI on external interfaces can also prevent SSH-based denial-of-service attacks. Organizations should monitor for updates from Westermo and apply patches or configuration changes as soon as they become available. Relevant resources include the CISA advisory (https://www.cisa.gov/news-events/ics-advisories/icsa-24-172-03) and PacketStorm Security (https://packetstormsecurity.com/search/?q=CVE-2024-37183).
4. Executive Summary
CVE-2024-37183 is a medium-risk vulnerability affecting the Westermo L210-F2G Lynx device, allowing attackers to capture plain text credentials and session IDs using a network sniffer. This poses a significant risk to data confidentiality, potentially leading to unauthorized access, data breaches, and operational disruptions. Attackers can exploit this vulnerability if they gain access to the adjacent network, making it critical to secure network segments and implement encryption for sensitive communications. Immediate mitigation steps include disabling HTTP access, enabling HTTPS, and restricting access to the device's WebGUI and CLI. Addressing this vulnerability is essential to protect sensitive data, maintain operational integrity, and prevent reputational damage. Organizations should prioritize implementing these recommendations and stay informed about updates from Westermo.