PatchSiren cyber security CVE debrief
CVE-2024-37183 Westermo CVE debrief
CVE-2024-37183 affects the Westermo L210-F2G Lynx industrial switch running firmware version 4.21.0. The vulnerability allows plaintext credentials and session identifiers to be captured via network sniffing, indicating that sensitive authentication data is transmitted without encryption. This exposure occurs when HTTP is used to access the device's WebGUI, enabling attackers with adjacent network access to intercept authentication material. The CVSS 3.1 score of 5.7 (Medium) reflects the attack vector requiring adjacent network access and user interaction, with high impact to confidentiality but no integrity or availability impact. CISA published this advisory on June 20, 2024, as ICSA-24-172-03. The vendor has not released a software patch; instead, mitigation relies on administrative configuration changes to enforce encrypted communications and restrict management interface exposure.
- Vendor: Westermo
- Product: L210-F2G Lynx
- CVSS: MEDIUM 5.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-06-20
- Original CVE updated: 2024-06-20
- Advisory published: 2024-06-20
- Advisory updated: 2024-06-20
Who should care
Organizations operating Westermo L210-F2G Lynx switches in industrial environments, particularly those with remote or distributed management requirements. Security teams responsible for OT/ICS network segmentation and hardening. Compliance officers evaluating adherence to secure communications requirements in critical infrastructure environments.
Technical summary
The Westermo L210-F2G Lynx firmware 4.21.0 transmits authentication credentials and session identifiers in plaintext when HTTP is used for WebGUI access. An attacker with adjacent network access can capture this traffic using standard network sniffing tools, obtaining valid credentials or active session tokens for unauthorized device access. The vulnerability does not require authentication to exploit but does require user interaction (a legitimate user accessing the WebGUI over HTTP) and adjacent network positioning. No firmware patch is available; risk reduction depends on administrative controls to disable HTTP, enforce HTTPS, and restrict management interface exposure.
Defensive priority
medium
Recommended defensive actions
- Disable HTTP access to the WebGUI and configure HTTPS-only management access to encrypt credential and session ID transmission.
- Restrict WebGUI access on external communication interfaces; consider disabling the WebGUI entirely for production-deployed devices where management access is not required.
- Limit CLI access on external interfaces to mitigate SSH denial-of-service risks from repeated authentication attempts.
- Monitor for vendor security advisories regarding future firmware enhancements that may address this vulnerability.
- Apply network segmentation to isolate management interfaces from operational traffic and untrusted networks.
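To confirm that the first action has actually taken effect, the check below probes each management address over plaintext HTTP and reports any that still answer. It is an added example, not vendor or CISA tooling; the function names and the inventory addresses are assumptions made for illustration.

```python
import http.client
import sys

REDIRECTS = (301, 302, 303, 307, 308)


def check_http_exposure(host, port=80, timeout=3.0):
    """Classify how a management interface answers plaintext HTTP.

    "closed"    - nothing speaks HTTP on the port (the recommended state)
    "redirect"  - HTTP answers, but only with a redirect to https://
    "plaintext" - HTTP serves content, so a WebGUI login over it is sniffable
    """
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/")  # http.client never follows redirects
        resp = conn.getresponse()
        status, location = resp.status, resp.getheader("Location", "")
    except (OSError, http.client.HTTPException):
        # Refused, timed out, or not HTTP. A filtered port looks the same,
        # so run this from the segment operators actually manage from.
        return "closed"
    finally:
        conn.close()
    if status in REDIRECTS and location.lower().startswith("https://"):
        # Better than serving the login page, but the first request (and any
        # cookie not marked Secure) still crosses the wire unencrypted.
        return "redirect"
    return "plaintext"


def audit(inventory, timeout=3.0):
    """Return {(host, port): finding} for every entry still answering HTTP."""
    findings = {}
    for host, port in inventory:
        result = check_http_exposure(host, port, timeout)
        if result != "closed":
            findings[(host, port)] = result
    return findings


if __name__ == "__main__":
    # Constructed inventory: RFC 5737 documentation addresses, replace with
    # the management addresses of your own switches.
    inventory = [("192.0.2.10", 80), ("192.0.2.11", 80)]
    if len(sys.argv) > 1:
        inventory = [(h, 80) for h in sys.argv[1:]]
    for (host, port), finding in audit(inventory).items():
        print(f"{host}:{port} answers HTTP ({finding}): disable HTTP, use HTTPS only")
```

An empty result from `audit` means no listed address accepted HTTP from the vantage point where the script ran.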
Evidence notes
Advisory ICSA-24-172-03 confirms affected product as Westermo L210-F2G Lynx firmware 4.21.0. CVSS vector AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N supports adjacent network attack vector with high confidentiality impact. Vendor remediations specify HTTP-to-HTTPS migration and interface access restrictions as primary mitigations.
Official resources
- CVE-2024-37183 CVE record (CVE.org)
- CVE-2024-37183 NVD detail (NVD)
- Source item URL (cisa_csaf)
2024-06-20