Westermo EDW-100
Act Now | 9.8 | ICS-CERT ICSA-24-151-04 | May 30, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Westermo EDW-100 (all versions) contains hardcoded credentials that allow unauthenticated remote access to the device management interface. Once authenticated, an attacker can download all stored usernames and passwords in cleartext. The EDW-100 is a serial-to-Ethernet industrial converter used to bridge legacy serial devices to network infrastructure. The vendor states no security updates will be released and recommends replacing the device with the Lynx DSS L105-S1.
What this means
What could happen
An attacker with network access can use hardcoded credentials to access the EDW-100 and download all stored usernames and passwords in cleartext, potentially compromising connected serial devices and control systems on your network.
Who's at risk
This affects any organization using Westermo EDW-100 serial-to-Ethernet converters to bridge legacy industrial equipment (motor drives, sensors, RTUs, serial-based PLCs, SCADA instruments) to network-connected systems. Water utilities, electric distribution, wastewater treatment, and manufacturing facilities with older serial-based field devices are most at risk.
How it could be exploited
An attacker on the network identifies the EDW-100 (serial-to-Ethernet converter), connects to its management interface, and authenticates using hardcoded credentials embedded in the firmware. Once authenticated, the attacker downloads the device's credential storage, which contains plaintext usernames and passwords for connected industrial devices.
Prerequisites
- Network-routable access to the EDW-100 management interface (typically port 22 SSH or web console)
- No other credentials required; hardcoded credentials are built into firmware
- Remotely exploitable
- No authentication required (hardcoded credentials)
- Low complexity attack
- No patch available
- End-of-life device (replacement required)
- Cleartext credential storage
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| EDW-100: vers:all/* | All versions | No fix (EOL) |
Remediation & Mitigation
Do now
- HARDENING: Implement network-to-network protection (VPN or industrial firewall) between the security zone containing EDW-100 and other network segments
- WORKAROUND: Restrict network access to EDW-100 management interface using firewall rules; allow only trusted engineering workstations
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HARDENING: Implement physical access controls to prevent unauthorized connection or modification of the EDW-100 device
- HOTFIX: Plan replacement of EDW-100 with Lynx DSS L105-S1 or equivalent supported industrial device server
Mitigations - no patch available
EDW-100: vers:all/* has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Network segregation: Do not place EDW-100 at network edge; isolate it in a protected security zone per IEC 62443 standard
CVEs (2)