Lucene search

IcscertVULNRICHMENT:CVE-2024-37183

HistoryJun 20, 2024 - 10:09 p.m.

CVE-2024-37183 Westermo L210-F2G Lynx Cleartext Transmission of Sensitive Information

2024-06-2022:09:21

CWE-319

icscert

github.com

cve-2024-37183

westermo

l210-f2g

lynx

cleartext transmission

sensitive information

plain text credentials

session id

network sniffer

CVSS3

5.7

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CVSS4

6.9

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

PASSIVE

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/SC:N/VI:N/SI:N/VA:N/SA:N

AI Score

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Plain text credentials and session ID can be captured with a network sniffer.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:o:westermo:l210-f2g_lynx_firmware:-:*:*:*:*:*:*:*"
    ],
    "vendor": "westermo",
    "product": "l210-f2g_lynx_firmware",
    "versions": [
      {
        "status": "affected",
        "version": "4.21.0"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-24-172-03

CVSS3

5.7

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CVSS4

6.9

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

PASSIVE

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/SC:N/VI:N/SI:N/VA:N/SA:N

AI Score

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-37183