VYPR

Vendor CVEs

Westermo

All CVEs

25 total · sorted by risk
  • CVE-2024-36081CriMay 19, 2024
    risk 0.64cvss 9.8epss 0.01

    Westermo EDW-100 devices through 2024-05-03 allow an unauthenticated user to download a configuration file containing a cleartext password. NOTE: this is a serial-to-Ethernet converter that should not be placed at the edge of the network.

  • CVE-2024-36080CriMay 19, 2024
    risk 0.64cvss 9.8epss 0.01

    Westermo EDW-100 devices through 2024-05-03 have a hidden root user account with a hardcoded password that cannot be changed. NOTE: this is a serial-to-Ethernet converter that should not be placed at the edge of the network.

  • CVE-2015-7923CriJan 30, 2016
    risk 0.59cvss 9.0epss 0.01

    Westermo WeOS before 4.19.0 uses the same SSL private key across different customers' installations, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a key.

  • CVE-2017-12703HigAug 25, 2017
    risk 0.57cvss 8.8epss 0.01

    A Cross-Site Request Forgery (CSRF) issue was discovered in Westermo MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The application does not verify whether a request was intentionally provided by the user, making it possible…

  • CVE-2016-5816HigAug 25, 2017
    risk 0.49cvss 7.5epss 0.02

    A Use of Hard-Coded Cryptographic Key issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded private cryptographic keys that may allow an attacker to decrypt traffic from any…

  • CVE-2025-54319MedJul 20, 2025
    risk 0.41cvss 6.3epss 0.00

    An issue was discovered in Westermo WeOS 5 (5.24 through 5.24.4). A threat actor potentially can gain unauthorized access to sensitive information via system logging information (syslog verbose logging that includes credentials).

  • CVE-2025-46419MedApr 24, 2025
    risk 0.38cvss 5.9epss 0.00

    Westermo WeOS 5 through 5.23.0 allows a reboot via a malformed ESP packet.

  • CVE-2017-12709MedAug 25, 2017
    risk 0.34cvss 5.3epss 0.00

    A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded credentials, which could allow for unauthorized local low-privileged access to the device.

  • CVE-2020-12503Oct 15, 2020
    risk 0.01cvss epss 0.23

    Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3…

  • CVE-2023-40143Feb 6, 2024
    risk 0.00cvss epss 0.00

    An attacker with access to the Westermo Lynx web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "forward.0.domain" parameter.

  • CVE-2023-45735Feb 6, 2024
    risk 0.00cvss epss 0.01

    A potential attacker with access to the Westermo Lynx device may be able to execute malicious code that could affect the correct functioning of the device.

  • CVE-2023-45222Feb 6, 2024
    risk 0.00cvss epss 0.00

    An attacker with access to the web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "autorefresh" parameter.

  • CVE-2023-45213Feb 6, 2024
    risk 0.00cvss epss 0.00

    A potential attacker with access to the Westermo Lynx device would be able to execute malicious code that could affect the correct functioning of the device.

  • CVE-2023-42765Feb 6, 2024
    risk 0.00cvss epss 0.00

    An attacker with access to the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "username" parameter in the SNMP configuration.

  • CVE-2023-40544Feb 6, 2024
    risk 0.00cvss epss 0.00

    An attacker with access to the network where the affected devices are located could maliciously actions to obtain, via a sniffer, sensitive information exchanged via TCP communications.

  • CVE-2023-45227Feb 6, 2024
    risk 0.00cvss epss 0.00

    An attacker with access to the web application with vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "dns.0.server" parameter.

  • CVE-2023-38579Feb 6, 2024
    risk 0.00cvss epss 0.00

    The cross-site request forgery token in the request may be predictable or easily guessable allowing attackers to craft a malicious request, which could be triggered by a victim unknowingly. In a successful CSRF attack, the attacker could lead the victim user to…

  • CVE-2020-25155Nov 13, 2020
    risk 0.00cvss epss 0.01

    The affected product transmits unencrypted sensitive information, which may allow an attacker to access this information on the NIO 50 (all versions).

  • CVE-2020-12504Oct 15, 2020
    risk 0.00cvss epss 0.03

    Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3…

  • CVE-2020-12502Oct 15, 2020
    risk 0.00cvss epss 0.01

    Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3…

  • CVE-2020-12501Oct 15, 2020
    risk 0.00cvss epss 0.03

    Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use undocumented accounts.

  • CVE-2020-12500Oct 15, 2020
    risk 0.00cvss epss 0.03

    Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) allows unauthenticated device administration.

  • CVE-2018-19612May 24, 2019
    risk 0.00cvss epss 0.02

    The /uploadfile? functionality in Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers allows remote users to upload malicious file types and execute ASP code.

  • CVE-2018-19613May 24, 2019
    risk 0.00cvss epss 0.01

    Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers allow CSRF.

  • CVE-2018-19614May 23, 2019
    risk 0.00cvss epss 0.01

    XSS exists in the /cmdexec/cmdexe?cmd= function in Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers.