Severity: HIGH
Description: A potential attacker with access to the Westermo Lynx device may be able to execute malicious code that could affect the correct functioning of the device.
CVSS Score: 8
No data available.
1. Risk Assessment
CVE-2023-45735 is a HIGH risk vulnerability affecting Westermo Lynx devices, specifically versions L206-F2G1 and 4.24. It is a Code Injection flaw (CWE-94) that allows a potential attacker with limited privileges, and with user interaction required, to execute malicious code on the device. The flaw impacts confidentiality, integrity, and availability, and could lead to full compromise of the device. The CVSS score of 8 indicates significant severity. The likelihood of exploitation is moderate because user interaction is required, but the impact of a successful attack is substantial. Westermo Lynx devices are commonly deployed in industrial control systems (ICS) and networking infrastructure, so a compromise could disrupt critical operations, particularly where these devices are reachable over the network. The EPSS score of 0.001030000 suggests a low, but still present, probability of exploitation in the wild.
2. Potential Attack Scenarios
An attacker could leverage this code injection vulnerability through crafted input that is processed by the Westermo Lynx device. Consider a scenario in which an operator accesses the Lynx device's web interface and submits a malicious payload in a field that expects a simple string. Because the input is not properly neutralized, the attacker's payload is executed, potentially granting shell access. From there, the attacker could steal configuration data (confidentiality), modify device settings (integrity), or disrupt the network communication managed by the Lynx device (availability). The user interaction requirement means the attacker likely needs to entice an operator to submit the malicious input, for example through a phishing campaign or by abusing an existing trust relationship. Successful exploitation could lead to broader network compromise if the Lynx device has access to other critical systems.
3. Mitigation Recommendations
The primary mitigation is to apply the patch when it becomes available from Westermo. In the meantime, Westermo recommends following general hardening best practices to reduce the attack surface: restrict access to the device's management interfaces, disable any unused services, and enforce strong authentication. Network segmentation limits the blast radius if a device is compromised. Regularly monitor logs for suspicious activity, and consider using intrusion detection systems (IDS) to identify potential exploitation attempts. Consider placing a web application firewall (WAF) in front of the device's web interface to filter potentially malicious input. Further information and guidance can be found in the CISA advisory: https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04.
4. Executive Summary
Westermo Lynx devices are vulnerable to a code injection flaw (CVE-2023-45735) that could allow attackers to execute malicious code, impacting the device's functionality and potentially disrupting critical operations. Although exploitation requires user interaction, the impact of a successful attack is significant, affecting the confidentiality, integrity, and availability of the device and potentially the broader network. Applying the vendor patch is the best long-term solution; in the interim, implement standard hardening practices such as access restriction and disabling unused services. Addressing this vulnerability is important, especially for organizations operating Westermo Lynx devices in critical infrastructure or industrial control systems, to minimize the risk of disruption and data compromise. Prompt action based on the CISA advisory (https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04) is recommended.