PatchSiren cyber security CVE debrief
CVE-2024-32943 Westermo CVE debrief
A denial-of-service vulnerability exists in the Westermo L210-F2G Lynx industrial switch firmware version 4.21.0. An unauthenticated remote attacker can cause a denial-of-service condition by sending a high volume of SSH packets repeatedly. The vulnerability is network-accessible with low attack complexity and requires no privileges or user interaction. While the attack does not compromise confidentiality or integrity, successful exploitation results in complete loss of availability. The vendor has provided configuration-based mitigations rather than a firmware patch at this time.
- Vendor
- Westermo
- Product
- L210-F2G Lynx
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-06-20
- Original CVE updated
- 2024-06-20
- Advisory published
- 2024-06-20
- Advisory updated
- 2024-06-20
Who should care
Organizations operating Westermo L210-F2G Lynx switches in industrial control system (ICS) or operational technology (OT) environments should prioritize assessment and mitigation. Network administrators responsible for securing critical infrastructure, SCADA engineers, and OT security teams managing remote access to field devices are directly affected. Organizations with externally exposed management interfaces or insufficient network segmentation face elevated risk. Compliance-focused entities in critical infrastructure sectors should evaluate this vulnerability against availability requirements and incident response preparedness.
Technical summary
The Westermo L210-F2G Lynx running firmware 4.21.0 is vulnerable to an unauthenticated network-based denial-of-service attack. The vulnerability is triggered by sending many SSH packets repeatedly, causing resource exhaustion or service disruption. The attack vector is network-based (AV:N) with low complexity (AC:L), requiring no privileges (PR:N) and no user interaction (UI:N). The CVSS 3.1 score of 7.5 reflects high impact to availability (A:H) with no impact to confidentiality or integrity. This vulnerability is particularly concerning for industrial environments where continuous availability of network infrastructure is critical for operational technology (OT) systems.
Defensive priority
HIGH
Recommended defensive actions
- Disable SSH access on external-facing communication interfaces to prevent remote exploitation of this denial-of-service vulnerability
- Restrict CLI access to trusted management networks only, implementing network segmentation for industrial control system devices
- Monitor for anomalous SSH connection patterns or high-volume packet flows targeting affected Westermo switches
- Apply vendor-recommended configuration changes to limit attack surface on production-deployed devices
- Subscribe to Westermo security advisories for future firmware updates that may provide comprehensive patches
Evidence notes
The vulnerability description and affected product version are derived from CISA CSAF advisory ICSA-24-172-03, which identifies Westermo L210-F2G Lynx firmware 4.21.0 as the affected product. The CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H confirms network accessibility and high availability impact with no authentication required.
Official resources
-
CVE-2024-32943 CVE record
CVE.org
-
CVE-2024-32943 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
CISA published advisory ICSA-24-172-03 on June 20, 2024, disclosing this vulnerability in Westermo L210-F2G Lynx firmware 4.21.0. The advisory was issued through CISA's CSAF-based OT security advisory program.