Primary

Context

Westermo WeOS Denial-of-Service Vulnerability via Malformed ESP Packet

Vulnerability

Patched

A denial-of-service vulnerability has been identified in Westermo WeOS versions 5.0 through 5.23.0. When the device is configured for IPSec, a malformed Encapsulating Security Payload (ESP) packet can be sent to the device, causing it to reboot immediately. This vulnerability disrupts the device's operation by forcing a reboot, which could be exploited as a denial-of-service attack.

Impact

Exploitation of this vulnerability causes the device to reboot, leading to a temporary disruption of service.

Remediation

Users are advised to upgrade to Westermo WeOS version 5.24.0 or later, which is available for download from the Westermo Network Technologies support site.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

2.5

exploitability

7.0

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

2.5

exploitability

7.0

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Westermo WeOS Denial-of-Service Vulnerability via Malformed ESP Packet

Vulnerability

Impact

Remediation

Affected Products

Westermo WeOS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating