Westermo Network Technologies WeOS 5

MonitorCVSS 5.9ICS-CERT ICSA-25-261-02Sep 18, 2025

Westermo

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityHigh

User InteractionNone needed

Summary

A denial-of-service vulnerability in Westermo WeOS 5 versions 5.23.0 and earlier could cause an affected device to reboot when exposed to specially crafted network traffic. This impacts network continuity for devices relying on WeOS 5-based equipment for connectivity or monitoring functions. The vulnerability requires specific network conditions and has high attack complexity.

What this means

What could happen

A remote attacker could cause a WeOS 5 device to reboot unexpectedly, interrupting network connectivity and any dependent control or monitoring functions that rely on this device.

Who's at risk

Network operators, particularly at utilities and industrial facilities that deploy Westermo industrial networking equipment (switches, routers, gateways) running WeOS 5 for remote monitoring, communication, or control network connectivity.

How it could be exploited

An attacker on the network could send a specially crafted packet to trigger a denial-of-service condition that causes the WeOS 5 device to reboot. The attack requires specific network conditions and cannot be exploited without valid network access to the device.

Prerequisites

Network access to the WeOS 5 device
Knowledge of specific network conditions required to trigger the vulnerability (high attack complexity)

remotely exploitableno authentication requiredhigh attack complexityaffects network availability

Exploitability

Unlikely to be exploited — EPSS score 0.3%

Affected products (1)

ProductAffected VersionsFix Status

WeOS 5: <=5.23.0≤ 5.23.05.24.0

Remediation & Mitigation

0/3

Do now

0/1

WORKAROUNDRestrict network access to WeOS 5 devices from untrusted networks using firewall rules

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade WeOS 5 to version 5.24.0 or later

Long-term hardening

0/1

HARDENINGSegment WeOS 5 devices and other industrial network equipment from business networks

CVEs (1)

CVE-2025-46419

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/cd0dd5f8-d486-442e-ac17-6546a48f09f8

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.