Westermo L210-F2G Cleartext Transmission of Sensitive Information (CVE-2024-37183)

High - Tenable OT Security - Plugin ID 503310

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Plain text credentials and session ID can be captured with a network sniffer.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Westermo advises users to disable HTTP access to the WebGUI and use HTTPS instead. This change will secure the credentials and session IDs, effectively nullifying the exploits described.

To mitigate the risk of a denial-of-service attack through continuous login attempts, Westermo recommends disabling access to the device's WebGUI on external communication interfaces. For devices in production environments, disabling the WebGUI is suggested if possible.

Westermo suggests limiting access to the device's CLI on external communication interfaces to prevent SSH DoS attacks through repeated login attempts.

Westermo will keep users updated on any further enhancements.

See Also

https://www.cisa.gov/news-events/ics-advisories/icsa-24-172-03

Plugin Details

Severity: High

ID: 503310

File Name: tenable_ot_westermo_CVE-2024-37183.nasl

Version: 1.2

Type: remote

Family: Tenable.ot

Published: 8/6/2025

Updated: 2/14/2026

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v3

Risk Factor: High

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Vulnerability Information

CPE: cpe:/o:westermo:l210-f2g_firmware:4.21.0

Required KB Items: Tenable.ot/Westermo

Exploit Ease: No known exploits are available

Patch Publication Date: 6/20/2024

Vulnerability Publication Date: 6/20/2024

Reference Information

CVE: CVE-2024-37183

CWE: 319

ICSA: 24-172-03