Severity: HIGH
Description: An attacker may be able to cause a denial-of-service condition by sending many packets repeatedly.
CVSS Score: 7.5
1. Risk Assessment
The vulnerability identified as CVE-2024-35246 poses a significant risk, reflected in its CVSS score of 7.5 (HIGH). It affects the Westermo L210-F2G Lynx device, specifically version 4.21.0, and is a denial-of-service (DoS) issue. It can be exploited remotely over the network without privileges or user interaction, so anyone who can send packets to the device can attempt it. The impact is confined to availability: a sustained, high-volume stream of packets can exhaust the device's resources and render it unresponsive. Confidentiality and integrity are not affected, but loss of availability on a network device translates into operational downtime, financial losses, and reputational damage for organizations that depend on it. Exploitation is technically easy, given the low attack complexity and the absence of prerequisites, but the EPSS score of 0.00043 (roughly a 0.04% probability of exploitation activity in the next 30 days) indicates that exploitation in the wild is currently unlikely.
2. Potential Attack Scenarios
One potential attack scenario is a packet flood against the device, launched either from a single attacker-controlled host or, as a distributed denial-of-service (DDoS) attack, from many. The attacker first identifies the target device as reachable over the network, then uses automated tools to send packets to it at a rate beyond what it can process. The device becomes unresponsive, disrupting every operation that depends on it. In an industrial control system (ICS) environment, for example, losing the device could cut off the network segment behind it and halt a production line, with significant operational and financial consequences. The attack requires minimal technical expertise, and the outage would last until the flood stops or the device is manually reset.
3. Mitigation Recommendations
To mitigate the risk posed by CVE-2024-35246, organizations should take the following actions:
- Immediately update the affected device to a patched version if available. Monitor Westermo's official communications for updates and patches.
- Disable HTTP access to the WebGUI and enforce HTTPS to secure credentials and session IDs, as recommended by Westermo.
- Limit access to the device's WebGUI and CLI on external communication interfaces to reduce the attack surface.
- Implement network-level protections such as firewalls and intrusion detection/prevention systems (IDS/IPS) in front of the device: restrict which source addresses may reach it and rate-limit traffic toward it, so that a flood is dropped upstream instead of being processed by the device.
- Regularly monitor network traffic for unusual patterns that may indicate an ongoing attack, such as a sustained, abnormally high packet rate toward the device from one or a few sources.
For further guidance, refer to the CISA advisory at https://www.cisa.gov/news-events/ics-advisories/icsa-24-172-03.
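As an added example of the traffic monitoring recommended above (this is illustrative code, not from the original advisory or from Westermo), the following Python implements a sliding-window packet-rate detector over constructed flow records. The record format, the addresses, the 3-second window and the 10,000-packet threshold are all assumptions for illustration; 192.168.1.10 stands in for the device, and real thresholds must be tuned to the device's normal traffic baseline.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed flow records (not real Westermo or collector output). Each line is
# one per-second flow export: timestamp, source, destination, destination port,
# protocol and the packet count seen in that second. 192.168.1.10 is the device.
SAMPLE_FLOWS = """\
2024-06-20T10:00:00Z src=10.0.0.5 dst=192.168.1.10 dport=443 proto=tcp pkts=12
2024-06-20T10:00:01Z src=10.0.0.5 dst=192.168.1.10 dport=443 proto=tcp pkts=9
2024-06-20T10:00:01Z src=203.0.113.7 dst=192.168.1.10 dport=22 proto=tcp pkts=4800
2024-06-20T10:00:02Z src=203.0.113.7 dst=192.168.1.10 dport=22 proto=tcp pkts=5100
2024-06-20T10:00:03Z src=10.0.0.8 dst=192.168.1.10 dport=443 proto=tcp pkts=30
2024-06-20T10:00:03Z src=203.0.113.7 dst=192.168.1.10 dport=22 proto=tcp pkts=4950
2024-06-20T10:00:04Z src=203.0.113.7 dst=192.168.1.10 dport=22 proto=tcp pkts=5300
2024-06-20T10:00:04Z src=203.0.113.7 dst=192.168.1.99 dport=22 proto=tcp pkts=9000
"""


def parse_flow(line):
    """Parse one 'ts key=value ...' record into a dict with a UTC datetime."""
    ts, *fields = line.split()
    rec = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)}
    for field in fields:
        key, _, value = field.partition("=")
        rec[key] = int(value) if key in ("dport", "pkts") else value
    return rec


def detect_floods(flow_text, target, window_s=3, threshold=10000):
    """Sliding-window packet-rate detector for traffic aimed at `target`.

    Records must be in time order (as a collector exports them). For each source
    address the detector keeps the records from the last `window_s` seconds and
    raises one alert the first time that source's packet total in the window
    exceeds `threshold`. Window and threshold are illustrative assumptions.
    """
    windows = defaultdict(deque)   # src -> deque of (ts, pkts) still inside the window
    alerted = set()
    alerts = []
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        rec = parse_flow(line)
        if rec["dst"] != target:
            continue                 # only traffic toward the device counts
        hist = windows[rec["src"]]
        hist.append((rec["ts"], rec["pkts"]))
        cutoff = rec["ts"] - timedelta(seconds=window_s)
        while hist and hist[0][0] <= cutoff:
            hist.popleft()           # expire records that fell out of the window
        total = sum(pkts for _, pkts in hist)
        if total > threshold and rec["src"] not in alerted:
            alerted.add(rec["src"])
            alerts.append({"src": rec["src"], "at": rec["ts"], "pkts_in_window": total})
    return alerts


if __name__ == "__main__":
    for alert in detect_floods(SAMPLE_FLOWS, "192.168.1.10"):
        print(f"{alert['at'].isoformat()} flood from {alert['src']}: "
              f"{alert['pkts_in_window']} packets in window")
```

On the constructed data the two legitimate clients never come close to the threshold, while 203.0.113.7 crosses it at 10:00:03 with 14,850 packets in the trailing 3 seconds; traffic to the unrelated 192.168.1.99 is ignored. The same logic applies to packet counts taken from a switch SPAN port or NetFlow/sFlow export in front of the device.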
4. Executive Summary
CVE-2024-35246 is a high-severity vulnerability affecting the Westermo L210-F2G Lynx device, version 4.21.0. It allows remote attackers to cause a denial-of-service condition by overwhelming the device with repeated packets, leading to operational disruptions. While there is no impact on data confidentiality or integrity, the potential for service outages poses significant business risks, including financial losses and reputational damage. The vulnerability is relatively easy to exploit, though widespread exploitation is currently unlikely. Immediate actions, such as applying patches, disabling HTTP access, and restricting external access to the device, are critical to mitigating this risk. Organizations should prioritize these measures to safeguard their operations and ensure business continuity.
Severity: MEDIUM
Description: Plain text credentials and session ID can be captured with a network sniffer.
CVSS Score: 5.7
1. Risk Assessment
The vulnerability CVE-2024-37183 involves the cleartext transmission of sensitive information, specifically plain text credentials and session IDs, which can be captured using a network sniffer. This poses a significant risk to confidentiality, as attackers with access to the adjacent network can intercept and misuse this data. The CVSS score of 5.7 (MEDIUM) reflects the moderate risk level, with a high impact on confidentiality but no impact on integrity or availability. The attack vector is adjacent network (AV:A), meaning exploitation requires proximity to the target network, and user interaction is required (UI:R), making exploitation slightly more challenging. However, the low attack complexity (AC:L) and no privileges required (PR:N) make this vulnerability relatively easy to exploit if an attacker gains access to the network. The business impact includes potential unauthorized access to sensitive systems, data breaches, and reputational damage.
2. Potential Attack Scenarios
An attacker could exploit this vulnerability by running a network sniffer on a network segment adjacent to the Westermo L210-F2G Lynx device, for example from a compromised host on the same segment. Because the WebGUI login and the requests that follow it are carried over plain HTTP, the credentials and session ID cross the wire unencrypted and can be read directly out of the captured traffic. The attacker can then present the captured session ID to hijack the live session, or log in later with the captured credentials, and so use the device's WebGUI with that user's privileges to read or change its configuration. For example, an attacker in a corporate environment could intercept credentials during a legitimate user's login, take over the session, and disrupt operations or exfiltrate configuration data. The outcome could include operational downtime, data theft, or further exploitation of the compromised device.
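To show concretely what "captured with a network sniffer" means for plain HTTP, here is an added Python example (not from the original page or from Westermo) that parses a reassembled cleartext HTTP stream and pulls out the form credentials, an HTTP Basic Authorization header and the session cookie. The stream, host address, paths, field names (username, password, SESSIONID) and values are all constructed for the example; they are not the Lynx WebGUI's actual login form.

```python
import base64
from urllib.parse import parse_qs

# Constructed cleartext HTTP traffic, as a sniffer would reassemble it from one
# TCP connection: a form login, the server's redirect setting a session cookie,
# and a follow-up request carrying the cookie plus a Basic header. Everything
# here (host, paths, field names, values) is invented for illustration.
CAPTURED_STREAM = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: 192.168.1.10\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 32\r\n"
    b"\r\n"
    b"username=admin&password=Sup3r%21"
    b"HTTP/1.1 302 Found\r\n"
    b"Set-Cookie: SESSIONID=8f3a9c1e; Path=/\r\n"
    b"Location: /\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
    b"GET /config HTTP/1.1\r\n"
    b"Host: 192.168.1.10\r\n"
    b"Cookie: SESSIONID=8f3a9c1e\r\n"
    b"Authorization: Basic YWRtaW46U3VwM3Ih\r\n"
    b"\r\n"
)


def split_messages(stream):
    """Split a reassembled HTTP/1.1 stream into (start_line, headers, body)
    tuples. Headers are lower-cased name -> list of values; the body length
    comes from Content-Length (0 if absent). A truncated final message is dropped."""
    messages = []
    pos = 0
    while pos < len(stream):
        end = stream.find(b"\r\n\r\n", pos)
        if end == -1:
            break
        start_line, *header_lines = stream[pos:end].decode("latin-1").split("\r\n")
        headers = {}
        for line in header_lines:
            name, _, value = line.partition(":")
            headers.setdefault(name.strip().lower(), []).append(value.strip())
        body_len = int(headers.get("content-length", ["0"])[0])
        body_start = end + 4
        messages.append((start_line, headers, stream[body_start:body_start + body_len]))
        pos = body_start + body_len
    return messages


def extract_secrets(stream):
    """Return the credentials and session identifiers visible in a cleartext
    HTTP stream: form logins, Basic auth headers, Set-Cookie and Cookie values."""
    credentials = set()
    session_ids = set()
    for start_line, headers, body in split_messages(stream):
        content_type = headers.get("content-type", [""])[0]
        if start_line.startswith("POST") and content_type.startswith("application/x-www-form-urlencoded"):
            form = parse_qs(body.decode("latin-1"))
            if "username" in form and "password" in form:   # assumed field names
                credentials.add((form["username"][0], form["password"][0]))
        for auth in headers.get("authorization", []):
            scheme, _, token = auth.partition(" ")
            if scheme.lower() == "basic":
                user, _, password = base64.b64decode(token).decode("latin-1").partition(":")
                credentials.add((user, password))
        for cookie in headers.get("set-cookie", []):
            session_ids.add(cookie.split(";", 1)[0])          # drop Path/Expires attributes
        for cookie in headers.get("cookie", []):
            session_ids.update(pair.strip() for pair in cookie.split(";"))
    return {"credentials": sorted(credentials), "session_ids": sorted(session_ids)}


if __name__ == "__main__":
    for kind, items in extract_secrets(CAPTURED_STREAM).items():
        print(kind, items)
```

Nothing in this parser is specific to the device: any passive observer of the segment recovers the same values, and the recovered SESSIONID can be replayed in a Cookie header for as long as the server keeps the session alive. Against HTTPS the same capture yields only TLS records, which is why the mitigation is to disable HTTP rather than to obscure the login page.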
3. Mitigation Recommendations
To mitigate this vulnerability, Westermo recommends disabling HTTP access to the WebGUI and using HTTPS instead, so that credentials and session IDs are encrypted in transit. Note that enabling HTTPS alongside HTTP is not sufficient: as long as the HTTP listener remains active, any client that still connects over HTTP sends its credentials in the clear, so HTTP must actually be turned off. Additionally, organizations should disable access to the WebGUI on external communication interfaces to reduce the attack surface, and for devices in production environments should consider disabling the WebGUI entirely if it is not required. Limiting access to the device's CLI on external interfaces can also prevent SSH-based denial-of-service attacks. Organizations should monitor for updates from Westermo and apply patches or configuration changes as soon as they become available. Relevant resources include the CISA advisory (https://www.cisa.gov/news-events/ics-advisories/icsa-24-172-03) and PacketStorm Security (https://packetstormsecurity.com/search/?q=CVE-2024-37183).
4. Executive Summary
CVE-2024-37183 is a medium-risk vulnerability affecting the Westermo L210-F2G Lynx device, allowing attackers to capture plain text credentials and session IDs using a network sniffer. This poses a significant risk to data confidentiality, potentially leading to unauthorized access, data breaches, and operational disruptions. Attackers can exploit this vulnerability if they gain access to the adjacent network, making it critical to secure network segments and implement encryption for sensitive communications. Immediate mitigation steps include disabling HTTP access, enabling HTTPS, and restricting access to the device's WebGUI and CLI. Addressing this vulnerability is essential to protect sensitive data, maintain operational integrity, and prevent reputational damage. Organizations should prioritize implementing these recommendations and stay informed about updates from Westermo.