6.6

CVE-2023-45213

Westermo Lynx Permissive Cross-domain Policy with Untrusted Domains







A potential attacker with access to the Westermo Lynx device would be able to execute malicious code that could affect the correct functioning of the device.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WestermoL206-f2g Firmware Version4.24
   WestermoL206-f2g Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.37% 0.286
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
ics-cert@hq.dhs.gov 6.6 2.1 4
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
CWE-697 Incorrect Comparison

The product compares two entities in a security-relevant context, but the comparison is incorrect.

CWE-942 Permissive Cross-domain Security Policy with Untrusted Domains

The product uses a web-client protection mechanism such as a Content Security Policy (CSP) or cross-domain policy file, but the policy includes untrusted domains with which the web client is allowed to communicate.

https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04
Third Party Advisory
US Government Resource