CVE-2023-40544 – Westermo Lynx Cleartext Transmission of Sensitive Information
https://notcve.org/view.php?id=CVE-2023-40544
An attacker with access to the network where the affected devices are located could perform malicious actions to obtain, via a sniffer, sensitive information exchanged via TCP communications. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04 • CWE-319: Cleartext Transmission of Sensitive Information
CVE-2023-45227 – Westermo Lynx Cross-site Scripting
https://notcve.org/view.php?id=CVE-2023-45227
An attacker with access to the web application with vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "dns.0.server" parameter. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-38579 – Westermo Lynx 206-F2G Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2023-38579
The cross-site request forgery token in the request may be predictable or easily guessable, allowing attackers to craft a malicious request, which could be triggered by a victim unknowingly. In a successful CSRF attack, the attacker could lead the victim user to carry out an action unintentionally. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04 • CWE-352: Cross-Site Request Forgery (CSRF)