Westermo Network Technologies WeOS 5
Monitor · 5.9 · ICS-CERT ICSA-25-261-02 · Sep 18, 2025
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary
WeOS 5 versions 5.23.0 and earlier contain a vulnerability that can cause the device to reboot when an attacker sends a specially crafted network request. The device is vulnerable regardless of authentication status. This affects Westermo industrial network switches and routers used in OT environments.
What this means
What could happen
An attacker could cause a Westermo WeOS 5 device to reboot unexpectedly, temporarily disrupting network connectivity and routing services in your industrial network.
Who's at risk
Network infrastructure operators who rely on Westermo WeOS 5 devices for routing, switching, or network management in industrial environments, including water utilities, electric utilities, and manufacturing plants that depend on continuous network uptime.
How it could be exploited
An attacker with network access to the affected device could send a specially crafted request that triggers a reboot condition. The attack requires specific knowledge of the device's input processing and unusual conditions, making it difficult to exploit reliably.
Prerequisites
- Network access to the WeOS 5 device
- No authentication required
- Device must be reachable from the attacker's network location
remotely exploitable · no authentication required · affects network availability · high attack complexity limits practical risk
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
Product | Affected Versions | Fix Status
WeOS 5: <=5.23.0 | ≤ 5.23.0 | 5.24.0
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to WeOS 5 devices using firewall rules; block unnecessary inbound connections from business networks and the Internet
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Upgrade WeOS 5 to version 5.24.0 or later
Long-term hardening
HARDENING: Segment industrial control networks from business networks using firewalls and air gaps
HARDENING: If remote access is required, deploy VPN with current security patches and network-based access controls
CVEs (1)