MitreCVE-2024-33897CVE-2024-33897
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
24.8%
A compromised HMS Networks Cosy+ device could be used to request a Certificate Signing Request from Talk2m for another device, resulting in an availability issue. The issue was patched on the Talk2m production server on April 18, 2024.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| hms-networks | ewon_cosy\+_firmware | * | cpe:2.3:o:hms-networks:ewon_cosy\+_firmware:*:*:*:*:*:*:*:* |
| hms-networks | ewon_cosy\+ | - | cpe:2.3:h:hms-networks:ewon_cosy\+:-:*:*:*:*:*:*:* |
References
blog.syss.com/posts/hacking-a-secure-industrial-remote-access-gateway/
hmsnetworks.blob.core.windows.net/nlw/docs/default-source/products/cybersecurity/security-advisory/hms-security-advisory-2024-07-29-001--ewon-several-cosy--vulnerabilities.pdf
www.ewon.biz/products/cosy/ewon-cosy-wifi
www.hms-networks.com/cyber-security
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
24.8%