CRITICAL🇵🇱 Wersja polska

CVE-2015-7923

CVSS 9.0v3.0pub. 2016-01-30upd. 2026-05-06

Westermo WeOS before 4.19.0 uses the same SSL private key across different customers' installations, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a key.

CVSS Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Westermo Weos

    OS
    Westermo
    4.18.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2020-12504CRITICAL9.8ten sam vendor

Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ...

CVE-2024-35246HIGH8.7ten sam vendor

An attacker may be able to cause a denial-of-service condition by sending many packets repeatedly.

CVE-2024-32943HIGH8.7ten sam vendor

An attacker may be able to cause a denial-of-service condition by sending many SSH packets repeatedly.

CVE-2023-45735HIGH8.0ten sam vendor

A potential attacker with access to the Westermo Lynx device may be able to execute malicious code that c...

CVE-2023-38579HIGH8.0ten sam vendor

The cross-site request forgery token in the request may be predictable or easily guessable allowi...