Vulnerabilities > Westermo
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-06 | CVE-2023-38579 | Cross-Site Request Forgery (CSRF) vulnerability in Westermo L206-F2G Firmware 4.24. The cross-site request forgery token in the request may be predictable or easily guessable, allowing attackers to craft a malicious request, which could be triggered by a victim unknowingly. | 8.8 |
2024-02-06 | CVE-2023-40143 | Cross-site Scripting vulnerability in Westermo L206-F2G Firmware 4.24. An attacker with access to the Westermo Lynx web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "forward.0.domain" parameter. | 5.4 |
2024-02-06 | CVE-2023-40544 | Cleartext Transmission of Sensitive Information vulnerability in Westermo L206-F2G Firmware 4.24. An attacker with access to the network where the affected devices are located could take malicious actions to obtain, via a sniffer, sensitive information exchanged via TCP communications. | 5.7 |
2024-02-06 | CVE-2023-42765 | Cross-site Scripting vulnerability in Westermo L206-F2G Firmware 4.24. An attacker with access to the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "username" parameter in the SNMP configuration. | 5.4 |
2024-02-06 | CVE-2023-45213 | Incorrect Comparison vulnerability in Westermo L206-F2G Firmware 4.24. A potential attacker with access to the Westermo Lynx device would be able to execute malicious code that could affect the correct functioning of the device. | 6.5 |
2024-02-06 | CVE-2023-45222 | Cross-site Scripting vulnerability in Westermo L206-F2G Firmware 4.24. An attacker with access to the web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "autorefresh" parameter. | 5.4 |
2024-02-06 | CVE-2023-45227 | Cross-site Scripting vulnerability in Westermo L206-F2G Firmware 4.24. An attacker with access to the web application with vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "dns.0.server" parameter. | 5.4 |
2024-02-06 | CVE-2023-45735 | Code Injection vulnerability in Westermo L206-F2G Firmware 4.24. A potential attacker with access to the Westermo Lynx device may be able to execute malicious code that could affect the correct functioning of the device. | 8.0 |
2020-10-15 | CVE-2020-12504 | Hidden Functionality vulnerability in multiple products. Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an active TFTP-Service. | 7.5 |
2020-01-18 | CVE-2020-7227 | Information Exposure vulnerability in Westermo MRD-315 Firmware 1.7.3/1.7.4. Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. | 4.0 |