Westermo Switch Vulnerabilities Can Facilitate Attacks on Industrial Organizations

January 26, 2024 at 08:15AM

CISA warned that Westermo Lynx industrial switches are vulnerable to eight flaws, with potential for remote exploitation and device tampering. Spanish cybersecurity researchers identified the flaws, including cross-site scripting and code injection. Although some vulnerabilities are challenging to exploit, the company is addressing the issues with a patch for CSRF and plans to fix the rest.

Key takeaways:

– The US security agency CISA has informed organizations that some Westermo Lynx industrial switches are affected by multiple vulnerabilities, with the Lynx 206-F2G industrial Ethernet switches being specifically affected by eight vulnerabilities, including two high-severity and six medium-severity issues.

– The vulnerabilities were discovered by Aarón Flecha Menéndez, Iván Alonso Álvarez, and Víctor Bello Cuevas of Spain-based cybersecurity firm S21sec. These vulnerabilities include stored cross-site scripting (XSS) bugs, code injection, cross-origin resource sharing issues, and a cross-site request forgery (CSRF) vulnerability.

– The identified vulnerabilities could potentially allow an attacker with remote access to the device to inject malicious code, modify device behavior or communications, or deny access to users. Additionally, the researchers found internet-exposed devices that may be vulnerable to remote attacks.

– While Westermo has not yet published a security advisory, it has informed CISA that the CSRF flaw has been patched and the remaining vulnerabilities will be addressed in the future.

– It’s important to note that while some vulnerabilities could be exploited without authentication, others may require social engineering techniques, or may run into anti-CSRF headers that could block attack attempts.

These takeaways highlight the significance of the vulnerabilities discovered, the potential impact on affected devices, and the ongoing efforts to address and mitigate these security issues.
