Weos
by Westermo
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-7923 | Cri | 0.59 | 9.0 | 0.01 | Jan 30, 2016 | Westermo WeOS before 4.19.0 uses the same SSL private key across different customers' installations, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a key. | ||
| CVE-2025-54319 | Med | 0.41 | 6.3 | 0.00 | Jul 20, 2025 | An issue was discovered in Westermo WeOS 5 (5.24 through 5.24.4). A threat actor potentially can gain unauthorized access to sensitive information via system logging information (syslog verbose logging that includes credentials). | ||
| CVE-2025-46419 | Med | 0.38 | 5.9 | 0.00 | Apr 24, 2025 | Westermo WeOS 5 through 5.23.0 allows a reboot via a malformed ESP packet. |
- risk 0.59cvss 9.0epss 0.01
Westermo WeOS before 4.19.0 uses the same SSL private key across different customers' installations, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a key.
- risk 0.41cvss 6.3epss 0.00
An issue was discovered in Westermo WeOS 5 (5.24 through 5.24.4). A threat actor potentially can gain unauthorized access to sensitive information via system logging information (syslog verbose logging that includes credentials).
- risk 0.38cvss 5.9epss 0.00
Westermo WeOS 5 through 5.23.0 allows a reboot via a malformed ESP packet.