6.6
CVE-2023-45213
- EPSS 0.37%
- Veröffentlicht 06.02.2024 22:16:13
- Zuletzt bearbeitet 21.11.2024 08:26:33
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
Westermo Lynx Permissive Cross-domain Policy with Untrusted Domains
A potential attacker with access to the Westermo Lynx device would be able to execute malicious code that could affect the correct functioning of the device.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Westermo ≫ L206-f2g Firmware Version4.24
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.37% | 0.286 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
|
| ics-cert@hq.dhs.gov | 6.6 | 2.1 | 4 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
|
CWE-697 Incorrect Comparison
The product compares two entities in a security-relevant context, but the comparison is incorrect.
CWE-942 Permissive Cross-domain Security Policy with Untrusted Domains
The product uses a web-client protection mechanism such as a Content Security Policy (CSP) or cross-domain policy file, but the policy includes untrusted domains with which the web client is allowed to communicate.
https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04