Zurück zur Übersicht

Welotec: Multiple products are vulnerable to regreSSHion

VDE-2024-043
Last update
22.08.2024 08:00
Published at
22.08.2024 08:00
Vendor(s)
Welotec GmbH
External ID
VDE-2024-043
CSAF Document
Download

Summary

Products from the Edge Gateway Family are affected by recently published so called RegreSSHion vulnerability.

Impact

The vulnerability can lead to unauthenticated remote code execution.

Affected Product(s)

Model no. Product name Affected versions
WEG500100170 EG500Mk2-A11001-000101 Firmware <=v1.5.3
WEG500100290 EG500Mk2-A11001-000201 Firmware <=v1.5.3
WEG500100160 EG500Mk2-A11101-000101 Firmware <=v1.5.3
WEG500100280 EG500Mk2-A12011-000101 Firmware <=v1.5.3
WEG500100190 EG500Mk2-B11001-000101 Firmware <=v1.5.3
WEG500100180 EG500Mk2-B11101-000101 Firmware <=v1.5.3
WEG500100270 EG500Mk2-C11001-000101 Firmware <=v1.5.3
WEG500100260 EG500Mk2-C11101-000101 Firmware <=v1.5.3
WEG500100020 EG503L Firmware <=v1.5.3
WEG500100130 EG503L-G Firmware <=v1.5.3
WEG500100040 EG503L_4GB Firmware <=v1.5.3
WEG500100010 EG503W Firmware <=v1.5.3
WEG500100030 EG503W_4GB Firmware <=v1.5.3
WEG600100020 EG602L Firmware <=v1.5.3
WEG600100010 EG602W Firmware <=v1.5.3
WEG600100050 EG603L Mk2 Firmware <=v1.5.3
WEG600100040 EG603W Mk2 Firmware <=v1.5.3
WEG800100010 EG802W Firmware <=v1.5.3
WEG800100040 EG802W_i7_512GB_DinRail Firmware <=v1.5.3
WEG800100050 EG802W_i7_512GB_w/o DinRail Firmware <=v1.5.3
WEG800100020 EG804W Firmware <=v1.5.3

Vulnerabilities

Expand / Collapse all

Published
24.09.2025 12:42
Severity
8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362)
Summary

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

References
cve.org | nvd.nist.gov

Mitigation

Disable SSH Access via CLI Command or Config Import locally or for a centrally managed device by changing the configuration in SMART EMSRefer to eG OS manual chapter 4.26 for further information

Remediation

Update egOS on affected products to version v1.5.4

Acknowledgments

Welotec GmbH thanks the following parties for their efforts:

  • CERT@VDE for coordination (see https://certvde.com )
  • Qualys Threat Research Unit (TRU) for reporting

Revision History

Version Date Summary
1 22.08.2024 08:00 Initial revision.