Westermo Network Technologies WeOS 5

Monitor7.6ICS-CERT ICSA-25-261-01Sep 18, 2025

Attack VectorNetwork

Auth RequiredHigh

ComplexityHigh

User InteractionRequired

Summary

Westermo WeOS 5 versions 5.24 and later contain a privilege escalation vulnerability that allows an authenticated attacker with administrative permissions to execute commands with elevated privileges beyond normal admin scope. This is a command injection issue (CWE-78) that requires high attack complexity and specific conditions to trigger. No software update is available; vendor mitigation relies on administrative access control and password hygiene.

What this means

What could happen

An attacker with admin credentials to a Westermo WeOS 5 device could execute arbitrary commands with elevated privileges, potentially compromising network routing, firewall rules, or other critical network infrastructure functions. This could disrupt communications between control system networks and field devices.

Who's at risk

This affects organizations operating Westermo WeOS 5 devices (network switches/routers used in industrial networks and utilities). Device administrators and network operators responsible for maintaining these network appliances should prioritize access control measures.

How it could be exploited

An attacker with valid administrative credentials must interact with the device (likely via web interface or SSH) to trigger a privilege escalation condition. The high attack complexity suggests a specific sequence of actions or configuration state is required to succeed, making casual exploitation unlikely but possible for someone with intimate knowledge of the device.

Prerequisites

Valid administrative account credentials for the Westermo WeOS 5 device
Network access to the device (likely port 443 for HTTPS or similar administrative interface)
Physical or remote access to the device's administrative interface
Knowledge of or ability to discover the specific condition that triggers privilege escalation

Requires valid administrative credentials (reduces risk)High attack complexity (specific conditions required)No vendor patch availableHigh CVSS (7.6) indicates privilege escalation severity

Affected products (1)

ProductAffected VersionsFix Status

WeOS 5: >=5.24≥ 5.24No fix (EOL)

Remediation & Mitigation

0/6

Do now

0/2

HARDENINGRestrict administrative account access to trusted personnel only; implement access controls to limit who can log in

HARDENINGEnforce strong password policies for all administrative accounts (length, complexity, rotation requirements)

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HARDENINGMonitor and log all administrative access attempts to Westermo devices for detection of unauthorized activity

Mitigations - no patch available

0/3

WeOS 5: >=5.24 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGIsolate WeOS 5 devices behind firewalls and do not expose them to the Internet or untrusted networks

HARDENINGSegment WeOS 5 devices from business networks; use a dedicated out-of-band management network if possible

HARDENINGIf remote administration is required, use VPN with current patches and strong authentication

CVEs (1)

CVE-2025-46418

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/170fbc7d-fdc9-44d3-a712-76aafa9de2da