CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32943 – Westermo L210-F2G Lynx Improper Control of Interaction Frequency
https://notcve.org/view.php?id=CVE-2024-32943
20 Jun 2024 — An attacker may be able to cause a denial-of-service condition by sending many SSH packets repeatedly. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-172-03 • CWE-799: Improper Control of Interaction Frequency •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35246 – Westermo L210-F2G Lynx Improper Control of Interaction Frequency
https://notcve.org/view.php?id=CVE-2024-35246
20 Jun 2024 — An attacker may be able to cause a denial-of-service condition by sending many packets repeatedly. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-172-03 • CWE-799: Improper Control of Interaction Frequency •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37183 – Westermo L210-F2G Lynx Cleartext Transmission of Sensitive Information
https://notcve.org/view.php?id=CVE-2024-37183
20 Jun 2024 — Plain text credentials and session ID can be captured with a network sniffer. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-172-03 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-40143 – Westermo Lynx
https://notcve.org/view.php?id=CVE-2023-40143
06 Feb 2024 — An attacker with access to the Westermo Lynx web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "forward.0.domain" parameter. Un atacante con acceso a la aplicación web Westermo Lynx que tiene el software vulnerable podría introducir JavaScript arbitrario inyectando un payload de cross-site scripting en el parámetro "forward.0.domain". • https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-45735 – Westermo Lynx Code Injection
https://notcve.org/view.php?id=CVE-2023-45735
06 Feb 2024 — A potential attacker with access to the Westermo Lynx device may be able to execute malicious code that could affect the correct functioning of the device. Un potencial atacante con acceso al dispositivo Westermo Lynx podría ejecutar código malicioso que podría afectar el correcto funcionamiento del dispositivo. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-45222 – Westermo Lynx Cross-site Scripting
https://notcve.org/view.php?id=CVE-2023-45222
06 Feb 2024 — An attacker with access to the web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "autorefresh" parameter. Un atacante con acceso a la aplicación web que tiene el software vulnerable podría introducir JavaScript arbitrario inyectando un payload de cross-site scripting en el parámetro "autorefresh". • https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-45213 – Westermo Lynx Permissive Cross-domain Policy with Untrusted Domains
https://notcve.org/view.php?id=CVE-2023-45213
06 Feb 2024 — A potential attacker with access to the Westermo Lynx device would be able to execute malicious code that could affect the correct functioning of the device. Un potencial atacante con acceso al dispositivo Westermo Lynx podría ejecutar código malicioso que podría afectar el correcto funcionamiento del dispositivo. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04 • CWE-697: Incorrect Comparison CWE-942: Permissive Cross-domain Policy with Untrusted Domains •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-42765 – Westermo Lynx Cross-site Scripting
https://notcve.org/view.php?id=CVE-2023-42765
06 Feb 2024 — An attacker with access to the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "username" parameter in the SNMP configuration. Un atacante con acceso al software vulnerable podría introducir JavaScript arbitrario inyectando un payload de cross-site scripting en el parámetro "username" en la configuración SNMP. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-40544 – Westermo Lynx Cleartext Transmission of Sensitive Information
https://notcve.org/view.php?id=CVE-2023-40544
06 Feb 2024 — An attacker with access to the network where the affected devices are located could maliciously actions to obtain, via a sniffer, sensitive information exchanged via TCP communications. Un atacante con acceso a la red donde se encuentran los dispositivos afectados podría realizar acciones maliciosas para obtener, a través de un sniffer, información sensible intercambiada mediante comunicaciones TCP. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-45227 – Westermo Lynx Cross-site Scripting
https://notcve.org/view.php?id=CVE-2023-45227
06 Feb 2024 — An attacker with access to the web application with vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "dns.0.server" parameter. Un atacante con acceso a la aplicación web con software vulnerable podría introducir JavaScript arbitrario inyectando un payload de cross-site scripting en el parámetro "dns.0.server". • https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •