CVE-2023-40544
Westermo Lynx Cleartext Transmission of Sensitive Information
Severity Score
5.7
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
An attacker with access to the network where the affected devices are located could maliciously actions to obtain, via a sniffer, sensitive information exchanged via TCP communications.
Un atacante con acceso a la red donde se encuentran los dispositivos afectados podría realizar acciones maliciosas para obtener, a través de un sniffer, información sensible intercambiada mediante comunicaciones TCP.
*Credits:
Aarón Flecha Menéndez, Iván Alonso Álvarez and Víctor Bello Cuevas reported these vulnerabilities to CISA.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-10-12 CVE Reserved
- 2024-02-06 CVE Published
- 2024-02-13 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-319: Cleartext Transmission of Sensitive Information
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Westermo Search vendor "Westermo" | L206-f2g Firmware Search vendor "Westermo" for product "L206-f2g Firmware" | 4.24 Search vendor "Westermo" for product "L206-f2g Firmware" and version "4.24" | - |
Affected
| in | Westermo Search vendor "Westermo" | L206-f2g Search vendor "Westermo" for product "L206-f2g" | - | - |
Safe
|