close
close

How to find Westermo devices on your network

Posted on by darion

Latest Westermo vulnerabilities

Westermo has disclosed several vulnerabilities in its L210-F2G Lynx Industrial Ethernet switches.

Two vulnerabilities, CVE-2024-35246 and CVE-2024-32943 allow attackers to create Denial-of-Service (DoS) conditions using specific network traffic. An additional vulnerability, CVE-2024-37183 could allow an attacker with local network access to sniff sensitive credentials in clear text.

CVE-2024-35246 and CVE-2024-32943 have a CVSS score of 8.7, while CVE-2024-37183 has a CVSS score of 5.7.

What is the impact?

Successful exploitation of these vulnerabilities could allow an attacker to create a denial-of-service condition or steal sensitive information.

Are updates or workarounds available?

No update addressing these vulnerabilities is currently available. The manufacturer recommends disabling the administrative web interface if possible.

How to find potentially vulnerable Westermo Lynx devices with runZero

From the Asset Inventory, use the following query to locate systems running potentially vulnerable software:

hw:"Westermo Lynx"

EDW-100 serial to ethernet converter vulnerability (May 2024)

In May 2024, Westermo disclosed (direct PDF link) multiple vulnerabilities in their EDW-100 Serial to Ethernet converter product.

CVE-2024-36080 was rated critical with CVSS score of 9.8 due to a hidden administrator account with a hardcoded password. The credentials for the username root were hard-coded and exposed as strings that could trivially be extracted from the image.bin file in the firmware pages. Currently there is no way to change this password.

CVE-2024-36081 was rated critical with CVSS score of 9.8. The vulnerability allowed an unauthenticated GET request that could download the configuration-file that contained the configuration, username, and passwords in clear-text.

CISA published the above information as part of ICS Advisory ICSA-24-151-04

What was the impact?

Successful exploitation of these results on complete compromise of the device.

Are updates or workarounds available?

At time of this writing Westermo had not posted software updates to correct these issues. They recommended implementing network segregation and perimeter protection in order to prevent abuse of these vulnerabilities. They also recommended replacing EDW-100 devices with Lynx DSS L105-S1.

How to find potentially vulnerable EDW-100 systems with runZero

From the Asset Inventory, use the following query to locate systems running potentially vulnerable software:

hardware:="EDW-100" OR (protocol:telnet AND banner:"Westermo EDW-100%")

*** This is a Security Bloggers Network syndicated blog from runZero Blog authored by Rob King. Read the original post at: https://www.runzero.com/blog/westermo/