{ "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2023-45735", "ASSIGNER": "ics-cert@hq.dhs.gov", "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", "value": "\n\n\n\n\nA potential attacker with access to the Westermo Lynx device may be able to execute malicious code that could affect the correct functioning of the device.\n\n\n\n\n\n" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-94 Code Injection", "cweId": "CWE-94" } ] } ] }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "Westermo", "product": { "product_data": [ { "product_name": "Lynx", "version": { "version_data": [ { "version_affected": "=", "version_value": "L206-F2G1" }, { "version_affected": "=", "version_value": "4.24" } ] } } ] } } ] } }, "references": { "reference_data": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04", "refsource": "MISC", "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04" } ] }, "generator": { "engine": "Vulnogram 0.1.0-dev" }, "source": { "discovery": "EXTERNAL" }, "work_around": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n

Westermo recommends following best practices for hardening, such as restricting access, disable unused services (attack surface reduction), etc., to mitigate the reported vulnerabilities.  The reported code injection vulnerability will be mitigated in a future report.

\n\n
" } ], "value": "\nWestermo recommends following best practices for hardening, such as restricting access, disable unused services (attack surface reduction), etc., to mitigate the reported vulnerabilities.\u00a0\u00a0The reported code injection vulnerability will be mitigated in a future report.\n\n\n\n\n" } ], "credits": [ { "lang": "en", "value": "Aar\u00f3n Flecha Men\u00e9ndez, Iv\u00e1n Alonso \u00c1lvarez and V\u00edctor Bello Cuevas reported these vulnerabilities to CISA." } ], "impact": { "cvss": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } ] } }