{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-45735","assignerOrgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","state":"PUBLISHED","assignerShortName":"icscert","dateReserved":"2023-10-12T20:21:27.722Z","datePublished":"2024-02-06T21:48:14.731Z","dateUpdated":"2024-08-19T20:23:15.940Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Lynx","vendor":"Westermo","versions":[{"status":"affected","version":"L206-F2G1"},{"status":"affected","version":"4.24"}]}],"credits":[{"lang":"en","type":"finder","user":"00000000-0000-4000-9000-000000000000","value":"Aarón Flecha Menéndez, Iván Alonso Álvarez and Víctor Bello Cuevas reported these vulnerabilities to CISA."}],"datePublic":"2024-01-23T21:45:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">A potential attacker with access to the Westermo Lynx device may be able to execute malicious code that could affect the correct functioning of the device.</span>\n\n</span>\n\n</span>\n\n"}],"value":"\n\n\n\n\nA potential attacker with access to the Westermo Lynx device may be able to execute malicious code that could affect the correct functioning of the device.\n\n\n\n\n\n"}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-94","description":"CWE-94 Code Injection","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","shortName":"icscert","dateUpdated":"2024-02-06T21:48:14.731Z"},"references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04"}],"source":{"discovery":"EXTERNAL"},"title":"Westermo Lynx Code Injection","workarounds":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\n\n<p>Westermo recommends following best practices for hardening, such as restricting access, disable unused services (attack surface reduction), etc., to mitigate the reported vulnerabilities.&nbsp;&nbsp;<span style=\"background-color: var(--wht);\">The reported code injection vulnerability will be mitigated in a future report.</span></p>\n\n<br>"}],"value":"\nWestermo recommends following best practices for hardening, such as restricting access, disable unused services (attack surface reduction), etc., to mitigate the reported vulnerabilities.  The reported code injection vulnerability will be mitigated in a future report.\n\n\n\n\n"}],"x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T20:29:31.595Z"},"title":"CVE Program Container","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04","tags":["x_transferred"]}]},{"affected":[{"vendor":"westermo","product":"l206-f2g1_firmware","cpes":["cpe:2.3:o:westermo:l206-f2g1_firmware:4.24:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"4.24","status":"affected"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-08-19T20:20:19.123202Z","id":"CVE-2023-45735","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-08-19T20:23:15.940Z"}}]}}