PatchSiren cyber security CVE debrief
CVE-2024-35246 Westermo CVE debrief
A denial-of-service vulnerability exists in the Westermo L210-F2G Lynx industrial Ethernet switch. An unauthenticated remote attacker can cause a denial-of-service condition by sending many packets repeatedly. The vulnerability affects version 4.21.0 of the L210-F2G Lynx device. The issue was disclosed by CISA on June 20, 2024, with a CVSS 3.1 score of 7.5 (HIGH severity), indicating network-based exploitation with low attack complexity, no privileges required, and no user interaction needed, resulting in high availability impact.
- Vendor
- Westermo
- Product
- L210-F2G Lynx
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-06-20
- Original CVE updated
- 2024-06-20
- Advisory published
- 2024-06-20
- Advisory updated
- 2024-06-20
Who should care
Organizations operating Westermo L210-F2G Lynx industrial Ethernet switches in critical infrastructure environments, including manufacturing, energy, transportation, and utility sectors. Security teams responsible for industrial control system (ICS/SCADA) network security, network administrators managing OT/IT convergence, and compliance officers addressing NERC CIP or IEC 62443 requirements should prioritize assessment and mitigation of this vulnerability. The unauthenticated, network-based attack vector makes this particularly relevant for externally exposed or poorly segmented industrial networks.
Technical summary
The Westermo L210-F2G Lynx (version 4.21.0) contains a denial-of-service vulnerability that can be triggered by an unauthenticated remote attacker sending many packets repeatedly. The vulnerability is remotely exploitable over the network with low attack complexity. The CVSS 3.1 score of 7.5 reflects high availability impact with no confidentiality or integrity impact. CISA's advisory indicates the vulnerability affects HTTP/HTTPS WebGUI access and SSH CLI access, with attack vectors including repeated login attempts. The vendor has provided mitigation guidance focused on access restriction and protocol hardening rather than a software patch at this time.
Defensive priority
HIGH
Recommended defensive actions
- Disable HTTP access to the WebGUI and use HTTPS instead to secure credentials and session IDs
- Disable access to the device's WebGUI on external communication interfaces; for production environments, disable the WebGUI if possible
- Limit access to the device's CLI on external communication interfaces to prevent SSH denial-of-service attacks through repeated login attempts
- Monitor for vendor updates as Westermo has committed to keeping users informed of further enhancements
- Apply network segmentation to limit exposure of industrial control system devices to untrusted networks
- Implement intrusion detection systems to identify anomalous traffic patterns indicative of denial-of-service attempts
Evidence notes
The vulnerability description and affected product information are derived from CISA's CSAF-formatted advisory (ICSA-24-172-03), which identifies Westermo L210-F2G Lynx version 4.21.0 as the affected product. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) confirms network-based, unauthenticated exploitation resulting in availability impact only.
Official resources
-
CVE-2024-35246 CVE record
CVE.org
-
CVE-2024-35246 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
CISA published advisory ICSA-24-172-03 on June 20, 2024, disclosing this vulnerability in Westermo's L210-F2G Lynx industrial switch. The advisory was issued as part of CISA's ongoing coordination with ICS vendors to address security issues