CVE-2023-45735 – This vulnerability in Westermo Lynx devices all... (How to Fix)

Q: What is the severity of CVE-2023-45735?

CVE-2023-45735 has a CVSS score of 8.0 (HIGH). This vulnerability in Westermo Lynx devices allows attackers with device access to execute arbitrary code, potentially compromising device functionality. It affects organizations using these industrial networking devices, particularly in critical infrastructure sectors.

📋 TL;DR

This vulnerability in Westermo Lynx devices allows attackers with device access to execute arbitrary code, potentially compromising device functionality. It affects organizations using these industrial networking devices, particularly in critical infrastructure sectors.

💻 Affected Systems

Products:

Westermo Lynx devices

Versions: Specific versions not detailed in advisory; check vendor documentation

Operating Systems: Embedded OS on Westermo devices

Default Config Vulnerable: ⚠️ Yes

Notes: Requires local access to the device; industrial control systems using these devices are particularly at risk.

📦 What is this software?

L206 F2g Firmware by Westermo

View all CVEs affecting L206 F2g Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise leading to disruption of industrial operations, data exfiltration, or lateral movement within operational technology networks.

🟠

Likely Case

Local privilege escalation allowing attackers to modify device configurations, disrupt network communications, or install persistent backdoors.

🟢

If Mitigated

Limited impact if devices are properly segmented and access controls prevent unauthorized local access.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires local access to the device; no public exploit code is currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Westermo security advisory for specific patched versions

Vendor Advisory: https://www.westermo.com/security-advisories

Restart Required: Yes

Instructions:

1. Check current device firmware version. 2. Download latest firmware from Westermo support portal. 3. Follow vendor's firmware update procedure. 4. Verify successful update and restart device.

🔧 Temporary Workarounds

Restrict Physical and Network Access

all

Limit who can physically access devices and implement network segmentation

Implement Least Privilege Access

all

Ensure only authorized personnel have administrative access to devices

🧯 If You Can't Patch

Isolate vulnerable devices in separate network segments with strict firewall rules
Implement continuous monitoring for unusual device behavior or configuration changes

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against vendor's vulnerable version list

Check Version:

Device-specific command via serial console or web interface (consult device manual)

Verify Fix Applied:

Confirm firmware version matches patched version from vendor advisory

📡 Detection & Monitoring

Log Indicators:

Unexpected device reboots
Configuration changes without authorization
Unusual login attempts

Network Indicators:

Unexpected outbound connections from devices
Anomalous traffic patterns

SIEM Query:

source="westermo-lynx" AND (event_type="config_change" OR event_type="reboot")

📊 Metadata

CVE ID: CVE-2023-45735

CVSS v3 Score: 8.0 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-94

Published: February 6, 2024

Last Updated: November 21, 2024

🔗 References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04 Third Party Advisory,US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04 Third Party Advisory,US Government Resource

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-45735, you might also want to check these: