CVE-2015-7923

9.0 CRITICAL

📋 TL;DR

Every installation of the affected WeOS versions ships with the same SSL/TLS private key. Anyone who holds that key can decrypt SSL/TLS communications with a WeOS device and, positioned as a man-in-the-middle, impersonate the device to its clients. Any organization running an affected WeOS version is exposed to interception and decryption of its device management traffic.

💻 Affected Systems

Products:
  • Westermo WeOS
Versions: All versions before 4.19.0
Operating Systems: WeOS
Default Config Vulnerable: ⚠️ Yes
Notes: All installations use the same hardcoded SSL private key by default.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete decryption of all SSL/TLS traffic, credential theft, session hijacking, and unauthorized access to industrial control systems.

🟠

Likely Case

Interception and decryption of sensitive data transmitted over SSL/TLS, potentially exposing credentials and operational data.

🟢

If Mitigated

Limited impact if network segmentation denies attackers a man-in-the-middle position, or if an independent encryption layer (for example a VPN tunnel) wraps all traffic to and from the device.

🌐 Internet-Facing: HIGH - Internet-facing devices are directly exposed to man-in-the-middle attacks from external actors.
🏢 Internal Only: MEDIUM - Internal attackers with network access could still perform man-in-the-middle attacks.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The attack requires a man-in-the-middle position on the network path but no authentication. Because the same key is present in every affected installation, anyone who extracts it from a single device or firmware image can use it against every other affected device.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.19.0 and later

Vendor Advisory: https://ics-cert.us-cert.gov/advisories/ICSA-16-028-01

Restart Required: Yes

Instructions:

1. Download WeOS version 4.19.0 or later from the Westermo support portal.
2. Back up the current configuration.
3. Upload and install the new firmware.
4. Reboot the device.
5. Generate and install a unique SSL certificate on each device, then confirm the device presents the new certificate rather than the old shared one.

🔧 Temporary Workarounds

Replace SSL certificates

Applies to: all affected versions

Generate and install a unique SSL certificate and private key on each device to replace the hardcoded key. Clients that validate the device certificate must be updated to trust the new one; a self-signed replacement removes the shared-key problem, but clients that do not verify the certificate remain exposed to an active man-in-the-middle. The command below prompts interactively for the certificate subject.

openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout device.key -out device.crt

Network segmentation

Applies to: all affected versions

Isolate WeOS devices in separate VLANs with strict access controls so that an attacker cannot reach a position on the path between the device and its management clients.

🧯 If You Can't Patch

  • Isolate affected devices in dedicated network segments with strict firewall rules
  • Implement VPN tunnels for all communications to/from affected devices

🔍 How to Verify

Check if Vulnerable:

Check the WeOS version via the web interface or the CLI. Any version below 4.19.0 is vulnerable. Independently of the version, a device that still presents a certificate whose public key is shared with other WeOS devices is still using the hardcoded key.

Check Version:

show version

Verify Fix Applied:

Verify that the version is 4.19.0 or higher, and confirm that the certificate the device presents is unique: compare the public-key fingerprint of the certificate served by each device; any two devices that share a fingerprint are still using a common key. Do not assume the firmware upgrade alone replaced the key.
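As an added example (not from this page and not Westermo's own tooling), the following POSIX shell script ties together the certificate-replacement workaround above and this verification step: it generates a unique key and self-signed certificate per device, fetches the certificate a live device presents on its HTTPS port, and compares the SHA-256 fingerprint of each device's public key so that any two devices still sharing the hardcoded key stand out. It assumes only the openssl command-line tool; the function names, file names and device host names are illustrative.

```shell
#!/bin/sh
# Added example: per-device certificate replacement plus a fleet-wide
# check for WeOS devices that still share one private key. Not from the
# page or from Westermo; assumes the openssl CLI. Host and file names are
# illustrative.
set -u

# Generate a fresh 2048-bit RSA key and a self-signed certificate for ONE
# device. $1 = device host name (used as CN), $2 = output directory.
# -subj avoids the interactive prompt of the bare openssl one-liner.
make_device_cert() {
  host=$1; dir=$2
  mkdir -p "$dir"
  openssl req -x509 -new -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=$host" \
    -keyout "$dir/$host.key" -out "$dir/$host.crt" 2>/dev/null
}

# Fetch the certificate a live device presents on its HTTPS port and print
# it as PEM. $1 = host, $2 = port (default 443). Needs network access, so it
# is not exercised by the offline check below.
fetch_device_cert() {
  host=$1; port=${2:-443}
  openssl s_client -connect "$host:$port" -servername "$host" </dev/null 2>/dev/null \
    | openssl x509 -outform PEM
}

# SHA-256 fingerprint of the SubjectPublicKeyInfo in a PEM certificate.
# Hashing the public key rather than the whole certificate also catches a
# re-signed or renewed certificate that still wraps the hardcoded private key.
spki_fingerprint() {
  openssl x509 -in "$1" -noout -pubkey \
    | openssl pkey -pubin -outform DER \
    | openssl dgst -sha256 \
    | awk '{print $NF}'
}

# Given PEM files collected from several devices, print every public key
# that appears more than once together with the files that share it.
# Returns 1 if any shared key was found, 0 if every device has its own key.
find_shared_keys() {
  for f in "$@"; do
    printf '%s %s\n' "$(spki_fingerprint "$f")" "$f"
  done | sort | awk '
    { files[$1] = files[$1] " " $2; n[$1]++ }
    END {
      rc = 0
      for (fp in n) if (n[fp] > 1) { printf "SHARED KEY %s:%s\n", fp, files[fp]; rc = 1 }
      exit rc
    }'
}

# Stand-alone usage after collecting certificates, e.g.
#   fetch_device_cert switch-01.example > switch-01.crt   (one per device)
#   ./check.sh switch-01.crt switch-02.crt switch-03.crt
if [ -n "${1:-}" ]; then
  find_shared_keys "$@"
fi
```

Run the same fingerprint from two vantage points (a management host and a host on the far side of the suspected path) to detect an active man-in-the-middle: if the certificate seen by the client differs from the one the device itself serves, something is rewriting the TLS session in between.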

📡 Detection & Monitoring

Log Indicators:

  • SSL/TLS handshake failures on the device
  • Certificate validation errors reported by clients connecting to the device
  • Unexpected certificate changes reported by clients or by certificate monitoring

Network Indicators:

  • Clients receive a server certificate that differs from the one the device itself presents (active interception)
  • The device presents a certificate whose public-key fingerprint is shared with other WeOS devices (the hardcoded key is still in use)

Note that passive decryption of captured traffic with the shared key produces no handshake errors and no device-side log entries; the indicators above only reveal an active man-in-the-middle or a device that has not yet been re-keyed.

SIEM Query:

source="weos" AND (event="ssl_error" OR event="certificate_error")

🔗 References
