Westermo reports critical flaws in EDW-100 in industrial serial to Ethernet converter
Take action: If you are using Westermo EDW-100 serial to Ethernet converter, this is an urgent action. Make sure they are all isolated in trusted networks, and start replacing them. Because they are critically vulnerable, trivial to exploit and there is no patch.
Learn More
Westermo has disclosed multiple critical vulnerabilities in their EDW-100 Serial to Ethernet converter product. The Westermo EDW-100 is an industrial-grade serial to Ethernet converter designed to facilitate communication between RS-232, RS-422, and RS-485 serial devices and TCP/IP Ethernet networks. This device is engineered for use in harsh industrial environments.
The most significant vulnerabilities are:
-
CVE-2024-36080 (CVSS score 9.8) - a hidden administrator account with a hardcoded password. The credentials for the username 'root' are hard-coded and easily extracted from the image.bin file in the firmware pages. There is currently no method to change this password, posing a severe security risk.
-
CVE-2024-36081 (CVSS score 9.8) - allows an unauthenticated GET request to download the configuration file, which contains the configuration, username, and passwords in clear-text. This exposure significantly increases the risk of unauthorized access and control.
Both vulnerabilities can lead to the complete compromise of the affected devices. At present, Westermo has not released software updates to address these issues. They recommend the following mitigations:
- Implement network segregation and isolate the devices in trusted networks only
- Consider replacing EDW-100 devices with the Lynx DSS L105-S1 model.
To locate potentially vulnerable systems you can use the following query (or to find them in Shodan for attacks)
hardware:="EDW-100" OR (protocol:telnet AND banner:"Westermo EDW-100%")
