Vulnerabilities > CVE-2015-7923 - Cryptographic Issues vulnerability in Westermo Weos 4.18.0

CVSS 9.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

high complexity

westermo

CWE-310

critical

NVD

Published: 2016-01-30

Updated: 2016-03-07

Summary

Westermo WeOS before 4.19.0 uses the same SSL private key across different customers' installations, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a key.

Vulnerable Configurations

Part	Description	Count
OS	Westermo Westermo Weos 4.18.0	1

Common Weakness Enumeration (CWE)

CWE-310 - Cryptographic Issues

Common Attack Pattern Enumeration and Classification (CAPEC)

Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

References

https://ics-cert.us-cert.gov/advisories/ICSA-16-028-01