Westermo Network Technologies WeOS 5
Monitor | CVSS 7.6 | ICS-CERT ICSA-25-261-01 | Sep 18, 2025
Westermo
Attack path
- Attack Vector: Network
- Auth Required: High
- Complexity: High
- User Interaction: Required
Summary
Westermo WeOS 5 contains a privilege escalation vulnerability (CWE-78) in versions 5.24 and later. An attacker with administrative permissions can execute commands with privileges beyond those normally granted, potentially circumventing intended access controls. No software patch is available from the vendor.
What this means
What could happen
An admin account holder with malicious intent or a compromised admin account could run elevated commands on WeOS network devices, potentially disrupting network-based industrial operations, altering device configurations, or blocking communications between control system components.
Who's at risk
Network operators managing Westermo industrial network devices (WeOS 5 switches, gateways, and network appliances used in utility SCADA networks, manufacturing plants, and critical infrastructure). Organizations running WeOS 5 version 5.24 or later are affected.
How it could be exploited
An attacker must first obtain valid administrative credentials for the WeOS device (through credential compromise, phishing, or insider access). Once logged in as admin, the attacker can exploit the privilege escalation vulnerability to execute OS commands with elevated privileges that bypass the normal privilege model of the device.
Prerequisites
- Valid administrative credentials for the WeOS 5 device
- Network access to the WeOS device management interface
- Physical or logical access to trigger the vulnerability condition
- No patch available from vendor
- Requires administrative credentials (reduces risk)
- High attack complexity
- Could affect network-critical devices in industrial settings
- Privilege escalation on infrastructure device
Affected products (1)
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| WeOS 5: >=5.24 | ≥ 5.24 | No fix (EOL) |
Remediation & Mitigation
Do now
- HARDENING: Restrict WeOS device administrative access to a minimal set of trusted administrators with a documented justification for each account.
- HARDENING: Enforce strong, unique passwords for all WeOS administrative accounts; use a password manager or centralized credential store for secure management.
Schedule — requires maintenance window
Patching may require device reboot; plan for process interruption.
- HARDENING: Implement multi-factor authentication (MFA) or additional authentication controls on WeOS administrative access if the device supports it.
- HARDENING: Monitor WeOS device administrative logs for unauthorized login attempts or privilege escalation activities; alert on suspicious patterns.
- HARDENING: Disable or restrict remote management access to WeOS devices; use VPN or similar secure tunnels only when remote administration is required.
Mitigations - no patch available
WeOS 5: >=5.24 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Segment WeOS network devices behind firewalls and restrict management access to a secure jump host or out-of-band management network.
CVEs (1)