Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for L210-F2G Lynx by Westermo

    CVE-2024-35246 (GCVE-0-2024-35246)

    Vulnerability from nvd – Published: 2024-06-20 22:11 – Updated: 2024-08-02 03:07
    VLAI
    Title
    Westermo L210-F2G Lynx Improper Control of Interaction Frequency
    Summary
    An attacker may be able to cause a denial-of-service condition by sending many packets repeatedly.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Westermo L210-F2G Lynx Affected: 4.21.0
    Create a notification for this product.
    westermo l210-f2g_lynx_firmware Affected: 4.21.0
        cpe:2.3:o:westermo:l210-f2g_lynx_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Aviv Malka and Joseph Baum of OTORIO reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:westermo:l210-f2g_lynx_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "l210-f2g_lynx_firmware",
                "vendor": "westermo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.21.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-35246",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-25T15:02:47.450661Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-25T15:03:48.886Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T03:07:46.901Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-172-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "L210-F2G Lynx",
              "vendor": "Westermo",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.21.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Aviv Malka and Joseph Baum of OTORIO reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nAn attacker may be able to cause a denial-of-service condition by sending many packets repeatedly.\n\n"
                }
              ],
              "value": "An attacker may be able to cause a denial-of-service condition by sending many packets repeatedly."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-799",
                  "description": "CWE-799",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-20T22:11:40.479Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-172-03"
            }
          ],
          "source": {
            "advisory": "ICSA-24-172-03",
            "discovery": "EXTERNAL"
          },
          "title": "Westermo L210-F2G Lynx Improper Control of Interaction Frequency",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\u003cp\u003eWestermo advises users to disable HTTP access to the WebGUI and \ninstead use HTTPS instead. This change will secure the credentials and \nsession IDs, effectively nullifying the exploits described.\u003c/p\u003e\n\u003cp\u003eTo mitigate the risk of a denial-of-service attack through continuous\n login attempts, Westermo recommends disabling access to the device\u0027s \nWebGUI on external communication interfaces. For devices in production \nenvironments, disabling the WebGUI is suggested if possible.\u003c/p\u003e\n\u003cp\u003eWestermo suggests limiting access to the device\u0027s CLI on external \ncommunication interfaces to prevent SSH DOS attacks through repeated \nlogin attempts.\u003c/p\u003e\n\u003cp\u003eWestermo will keep users updated on any further enhancements.\u003c/p\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Westermo advises users to disable HTTP access to the WebGUI and \ninstead use HTTPS instead. This change will secure the credentials and \nsession IDs, effectively nullifying the exploits described.\n\n\nTo mitigate the risk of a denial-of-service attack through continuous\n login attempts, Westermo recommends disabling access to the device\u0027s \nWebGUI on external communication interfaces. For devices in production \nenvironments, disabling the WebGUI is suggested if possible.\n\n\nWestermo suggests limiting access to the device\u0027s CLI on external \ncommunication interfaces to prevent SSH DOS attacks through repeated \nlogin attempts.\n\n\nWestermo will keep users updated on any further enhancements."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2024-35246",
        "datePublished": "2024-06-20T22:11:40.479Z",
        "dateReserved": "2024-06-13T14:52:17.249Z",
        "dateUpdated": "2024-08-02T03:07:46.901Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-32943 (GCVE-0-2024-32943)

    Vulnerability from nvd – Published: 2024-06-20 22:12 – Updated: 2024-08-02 02:27
    VLAI
    Title
    Westermo L210-F2G Lynx Improper Control of Interaction Frequency
    Summary
    An attacker may be able to cause a denial-of-service condition by sending many SSH packets repeatedly.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Westermo L210-F2G Lynx Affected: 4.21.0
    Create a notification for this product.
    Credits
    Aviv Malka and Joseph Baum of OTORIO reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-32943",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-21T13:47:36.074775Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-21T13:47:48.242Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T02:27:52.185Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-172-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "L210-F2G Lynx",
              "vendor": "Westermo",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.21.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Aviv Malka and Joseph Baum of OTORIO reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\nAn attacker may be able to cause a denial-of-service condition by sending many SSH packets repeatedly.\n\n"
                }
              ],
              "value": "An attacker may be able to cause a denial-of-service condition by sending many SSH packets repeatedly."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-799",
                  "description": "CWE-799",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-20T22:12:34.239Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-172-03"
            }
          ],
          "source": {
            "advisory": "ICSA-24-172-03",
            "discovery": "EXTERNAL"
          },
          "title": "Westermo L210-F2G Lynx Improper Control of Interaction Frequency",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\u003cp\u003eWestermo advises users to disable HTTP access to the WebGUI and \ninstead use HTTPS instead. This change will secure the credentials and \nsession IDs, effectively nullifying the exploits described.\u003c/p\u003e\n\u003cp\u003eTo mitigate the risk of a denial-of-service attack through continuous\n login attempts, Westermo recommends disabling access to the device\u0027s \nWebGUI on external communication interfaces. For devices in production \nenvironments, disabling the WebGUI is suggested if possible.\u003c/p\u003e\n\u003cp\u003eWestermo suggests limiting access to the device\u0027s CLI on external \ncommunication interfaces to prevent SSH DOS attacks through repeated \nlogin attempts.\u003c/p\u003e\n\u003cp\u003eWestermo will keep users updated on any further enhancements.\u003c/p\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Westermo advises users to disable HTTP access to the WebGUI and \ninstead use HTTPS instead. This change will secure the credentials and \nsession IDs, effectively nullifying the exploits described.\n\n\nTo mitigate the risk of a denial-of-service attack through continuous\n login attempts, Westermo recommends disabling access to the device\u0027s \nWebGUI on external communication interfaces. For devices in production \nenvironments, disabling the WebGUI is suggested if possible.\n\n\nWestermo suggests limiting access to the device\u0027s CLI on external \ncommunication interfaces to prevent SSH DOS attacks through repeated \nlogin attempts.\n\n\nWestermo will keep users updated on any further enhancements."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2024-32943",
        "datePublished": "2024-06-20T22:12:34.239Z",
        "dateReserved": "2024-06-13T14:52:17.243Z",
        "dateUpdated": "2024-08-02T02:27:52.185Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-37183 (GCVE-0-2024-37183)

    Vulnerability from nvd – Published: 2024-06-20 22:09 – Updated: 2024-08-02 03:50
    VLAI
    Title
    Westermo L210-F2G Lynx Cleartext Transmission of Sensitive Information
    Summary
    Plain text credentials and session ID can be captured with a network sniffer.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    Impacted products
    Vendor Product Version
    Westermo L210-F2G Lynx Affected: 4.21.0
    Create a notification for this product.
    westermo l210-f2g_lynx_firmware Affected: 4.21.0
        cpe:2.3:o:westermo:l210-f2g_lynx_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Aviv Malka and Joseph Baum of OTORIO reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:westermo:l210-f2g_lynx_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "l210-f2g_lynx_firmware",
                "vendor": "westermo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.21.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-37183",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-21T14:25:44.014433Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-21T14:32:02.820Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T03:50:55.374Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-172-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "L210-F2G Lynx",
              "vendor": "Westermo",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.21.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Aviv Malka and Joseph Baum of OTORIO reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\nPlain text credentials and session ID can be captured with a network sniffer.\n\n"
                }
              ],
              "value": "Plain text credentials and session ID can be captured with a network sniffer."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-20T22:09:21.235Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-172-03"
            }
          ],
          "source": {
            "advisory": "ICSA-24-172-03",
            "discovery": "EXTERNAL"
          },
          "title": "Westermo L210-F2G Lynx Cleartext Transmission of Sensitive Information",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\u003cp\u003eWestermo advises users to disable HTTP access to the WebGUI and \ninstead use HTTPS instead. This change will secure the credentials and \nsession IDs, effectively nullifying the exploits described.\u003c/p\u003e\n\u003cp\u003eTo mitigate the risk of a denial-of-service attack through continuous\n login attempts, Westermo recommends disabling access to the device\u0027s \nWebGUI on external communication interfaces. For devices in production \nenvironments, disabling the WebGUI is suggested if possible.\u003c/p\u003e\n\u003cp\u003eWestermo suggests limiting access to the device\u0027s CLI on external \ncommunication interfaces to prevent SSH DOS attacks through repeated \nlogin attempts.\u003c/p\u003e\n\u003cp\u003eWestermo will keep users updated on any further enhancements.\u003c/p\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Westermo advises users to disable HTTP access to the WebGUI and \ninstead use HTTPS instead. This change will secure the credentials and \nsession IDs, effectively nullifying the exploits described.\n\n\nTo mitigate the risk of a denial-of-service attack through continuous\n login attempts, Westermo recommends disabling access to the device\u0027s \nWebGUI on external communication interfaces. For devices in production \nenvironments, disabling the WebGUI is suggested if possible.\n\n\nWestermo suggests limiting access to the device\u0027s CLI on external \ncommunication interfaces to prevent SSH DOS attacks through repeated \nlogin attempts.\n\n\nWestermo will keep users updated on any further enhancements."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2024-37183",
        "datePublished": "2024-06-20T22:09:21.235Z",
        "dateReserved": "2024-06-13T14:52:17.253Z",
        "dateUpdated": "2024-08-02T03:50:55.374Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-32943 (GCVE-0-2024-32943)

    Vulnerability from cvelistv5 – Published: 2024-06-20 22:12 – Updated: 2024-08-02 02:27
    VLAI
    Title
    Westermo L210-F2G Lynx Improper Control of Interaction Frequency
    Summary
    An attacker may be able to cause a denial-of-service condition by sending many SSH packets repeatedly.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Westermo L210-F2G Lynx Affected: 4.21.0
    Create a notification for this product.
    Credits
    Aviv Malka and Joseph Baum of OTORIO reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-32943",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-21T13:47:36.074775Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-21T13:47:48.242Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T02:27:52.185Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-172-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "L210-F2G Lynx",
              "vendor": "Westermo",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.21.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Aviv Malka and Joseph Baum of OTORIO reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\nAn attacker may be able to cause a denial-of-service condition by sending many SSH packets repeatedly.\n\n"
                }
              ],
              "value": "An attacker may be able to cause a denial-of-service condition by sending many SSH packets repeatedly."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-799",
                  "description": "CWE-799",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-20T22:12:34.239Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-172-03"
            }
          ],
          "source": {
            "advisory": "ICSA-24-172-03",
            "discovery": "EXTERNAL"
          },
          "title": "Westermo L210-F2G Lynx Improper Control of Interaction Frequency",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\u003cp\u003eWestermo advises users to disable HTTP access to the WebGUI and \ninstead use HTTPS instead. This change will secure the credentials and \nsession IDs, effectively nullifying the exploits described.\u003c/p\u003e\n\u003cp\u003eTo mitigate the risk of a denial-of-service attack through continuous\n login attempts, Westermo recommends disabling access to the device\u0027s \nWebGUI on external communication interfaces. For devices in production \nenvironments, disabling the WebGUI is suggested if possible.\u003c/p\u003e\n\u003cp\u003eWestermo suggests limiting access to the device\u0027s CLI on external \ncommunication interfaces to prevent SSH DOS attacks through repeated \nlogin attempts.\u003c/p\u003e\n\u003cp\u003eWestermo will keep users updated on any further enhancements.\u003c/p\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Westermo advises users to disable HTTP access to the WebGUI and \ninstead use HTTPS instead. This change will secure the credentials and \nsession IDs, effectively nullifying the exploits described.\n\n\nTo mitigate the risk of a denial-of-service attack through continuous\n login attempts, Westermo recommends disabling access to the device\u0027s \nWebGUI on external communication interfaces. For devices in production \nenvironments, disabling the WebGUI is suggested if possible.\n\n\nWestermo suggests limiting access to the device\u0027s CLI on external \ncommunication interfaces to prevent SSH DOS attacks through repeated \nlogin attempts.\n\n\nWestermo will keep users updated on any further enhancements."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2024-32943",
        "datePublished": "2024-06-20T22:12:34.239Z",
        "dateReserved": "2024-06-13T14:52:17.243Z",
        "dateUpdated": "2024-08-02T02:27:52.185Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-35246 (GCVE-0-2024-35246)

    Vulnerability from cvelistv5 – Published: 2024-06-20 22:11 – Updated: 2024-08-02 03:07
    VLAI
    Title
    Westermo L210-F2G Lynx Improper Control of Interaction Frequency
    Summary
    An attacker may be able to cause a denial-of-service condition by sending many packets repeatedly.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Westermo L210-F2G Lynx Affected: 4.21.0
    Create a notification for this product.
    westermo l210-f2g_lynx_firmware Affected: 4.21.0
        cpe:2.3:o:westermo:l210-f2g_lynx_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Aviv Malka and Joseph Baum of OTORIO reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:westermo:l210-f2g_lynx_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "l210-f2g_lynx_firmware",
                "vendor": "westermo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.21.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-35246",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-25T15:02:47.450661Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-25T15:03:48.886Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T03:07:46.901Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-172-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "L210-F2G Lynx",
              "vendor": "Westermo",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.21.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Aviv Malka and Joseph Baum of OTORIO reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nAn attacker may be able to cause a denial-of-service condition by sending many packets repeatedly.\n\n"
                }
              ],
              "value": "An attacker may be able to cause a denial-of-service condition by sending many packets repeatedly."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-799",
                  "description": "CWE-799",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-20T22:11:40.479Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-172-03"
            }
          ],
          "source": {
            "advisory": "ICSA-24-172-03",
            "discovery": "EXTERNAL"
          },
          "title": "Westermo L210-F2G Lynx Improper Control of Interaction Frequency",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\u003cp\u003eWestermo advises users to disable HTTP access to the WebGUI and \ninstead use HTTPS instead. This change will secure the credentials and \nsession IDs, effectively nullifying the exploits described.\u003c/p\u003e\n\u003cp\u003eTo mitigate the risk of a denial-of-service attack through continuous\n login attempts, Westermo recommends disabling access to the device\u0027s \nWebGUI on external communication interfaces. For devices in production \nenvironments, disabling the WebGUI is suggested if possible.\u003c/p\u003e\n\u003cp\u003eWestermo suggests limiting access to the device\u0027s CLI on external \ncommunication interfaces to prevent SSH DOS attacks through repeated \nlogin attempts.\u003c/p\u003e\n\u003cp\u003eWestermo will keep users updated on any further enhancements.\u003c/p\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Westermo advises users to disable HTTP access to the WebGUI and \ninstead use HTTPS instead. This change will secure the credentials and \nsession IDs, effectively nullifying the exploits described.\n\n\nTo mitigate the risk of a denial-of-service attack through continuous\n login attempts, Westermo recommends disabling access to the device\u0027s \nWebGUI on external communication interfaces. For devices in production \nenvironments, disabling the WebGUI is suggested if possible.\n\n\nWestermo suggests limiting access to the device\u0027s CLI on external \ncommunication interfaces to prevent SSH DOS attacks through repeated \nlogin attempts.\n\n\nWestermo will keep users updated on any further enhancements."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2024-35246",
        "datePublished": "2024-06-20T22:11:40.479Z",
        "dateReserved": "2024-06-13T14:52:17.249Z",
        "dateUpdated": "2024-08-02T03:07:46.901Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-37183 (GCVE-0-2024-37183)

    Vulnerability from cvelistv5 – Published: 2024-06-20 22:09 – Updated: 2024-08-02 03:50
    VLAI
    Title
    Westermo L210-F2G Lynx Cleartext Transmission of Sensitive Information
    Summary
    Plain text credentials and session ID can be captured with a network sniffer.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    Impacted products
    Vendor Product Version
    Westermo L210-F2G Lynx Affected: 4.21.0
    Create a notification for this product.
    westermo l210-f2g_lynx_firmware Affected: 4.21.0
        cpe:2.3:o:westermo:l210-f2g_lynx_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Aviv Malka and Joseph Baum of OTORIO reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:westermo:l210-f2g_lynx_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "l210-f2g_lynx_firmware",
                "vendor": "westermo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.21.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-37183",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-21T14:25:44.014433Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-21T14:32:02.820Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T03:50:55.374Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-172-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "L210-F2G Lynx",
              "vendor": "Westermo",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.21.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Aviv Malka and Joseph Baum of OTORIO reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\nPlain text credentials and session ID can be captured with a network sniffer.\n\n"
                }
              ],
              "value": "Plain text credentials and session ID can be captured with a network sniffer."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-20T22:09:21.235Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-172-03"
            }
          ],
          "source": {
            "advisory": "ICSA-24-172-03",
            "discovery": "EXTERNAL"
          },
          "title": "Westermo L210-F2G Lynx Cleartext Transmission of Sensitive Information",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\u003cp\u003eWestermo advises users to disable HTTP access to the WebGUI and \ninstead use HTTPS instead. This change will secure the credentials and \nsession IDs, effectively nullifying the exploits described.\u003c/p\u003e\n\u003cp\u003eTo mitigate the risk of a denial-of-service attack through continuous\n login attempts, Westermo recommends disabling access to the device\u0027s \nWebGUI on external communication interfaces. For devices in production \nenvironments, disabling the WebGUI is suggested if possible.\u003c/p\u003e\n\u003cp\u003eWestermo suggests limiting access to the device\u0027s CLI on external \ncommunication interfaces to prevent SSH DOS attacks through repeated \nlogin attempts.\u003c/p\u003e\n\u003cp\u003eWestermo will keep users updated on any further enhancements.\u003c/p\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Westermo advises users to disable HTTP access to the WebGUI and \ninstead use HTTPS instead. This change will secure the credentials and \nsession IDs, effectively nullifying the exploits described.\n\n\nTo mitigate the risk of a denial-of-service attack through continuous\n login attempts, Westermo recommends disabling access to the device\u0027s \nWebGUI on external communication interfaces. For devices in production \nenvironments, disabling the WebGUI is suggested if possible.\n\n\nWestermo suggests limiting access to the device\u0027s CLI on external \ncommunication interfaces to prevent SSH DOS attacks through repeated \nlogin attempts.\n\n\nWestermo will keep users updated on any further enhancements."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2024-37183",
        "datePublished": "2024-06-20T22:09:21.235Z",
        "dateReserved": "2024-06-13T14:52:17.253Z",
        "dateUpdated": "2024-08-02T03:50:55.374Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }