Lucene search

[email protected]NVD:CVE-2024-36081

HistoryMay 19, 2024 - 8:15 p.m.

CVE-2024-36081

2024-05-1920:15:08

CWE-522

CWE-256

[email protected]

web.nvd.nist.gov

westermo edw-100

unauthenticated access

configuration file

cleartext password

network edge

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

JSON

Westermo EDW-100 devices through 2024-05-03 allow an unauthenticated user to download a configuration file containing a cleartext password. NOTE: this is a serial-to-Ethernet converter that should not be placed at the edge of the network.

References

www.westermo.com/-/media/Files/Cyber-security/westermo_sa_EDW-100_24-05.pdf

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

JSON

Related for NVD:CVE-2024-36081

cvelist1 vulnrichment1 cve1 ics1