18 matches found
CVE-2020-10633
A non-persistent XSS cross-site scripting vulnerability exists in eWON Flexy and Cosy all firmware versions prior to 14.1s0. An attacker could send a specially crafted URL to initiate a password change for the device. The target must introduce the credentials to the gateway before the attack can ...
EUVD-2020-8196
Malware in sbrugna...
EUVD-2020-3081
Malware in sbrugna...
📄 Cosy+ 21.2s7 Command Injection
Cosy+ firmware version 21.2s7 command injection proof of concept exploit. Hey, Overview: The Ewon Cosy+ is a VPN gateway used for remote access and maintenance in industrial environments. The manufacturer describes the product as follows see 1: "The Ewon Cosy+ gateway establishes a secure VPN...
Cosy+ firmware 21.2s7 - Command Injection
Exploit Title: Cosy+ firmware 21.2s7 - Command Injection Google Dork: N/A Date: 2024-8-20 Exploit Author: CodeB0ss Contact: t.me/codeb0ss / [email protected] Version: 21.2s7 Tested on: Windows 11 Home Edition CVE: CVE-2024-33896 import socket import subprocess import time def...
Ewon Cosy+ Hardcoded Key
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2024-032 Product: Ewon Cosy+ Manufacturer: HMS Industrial Networks AB Affected Versions: Firmware Versions: 21.2s10 and 22.1s3 Tested Versions: Firmware Version: 21.2s7 Vulnerability Type: Use of Hard-coded Cryptographic Key CWE-32...
Ewon Cosy+ Command Injection
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2024-018 Product: Ewon Cosy+ Manufacturer: HMS Industrial Networks AB Affected Versions: Firmware Versions: 21.2s10 and 22.1s3 Tested Versions: Firmware Version: 21.2s7 Vulnerability Type: Improper Neutralization of Special Element...
Ewon Cosy+ Password Disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2024-017 Product: Ewon Cosy+ Manufacturer: HMS Industrial Networks AB Affected Versions: Firmware Versions: 21.2s10 and 22.1s3 Tested Versions: Firmware Version: 21.2s7 Vulnerability Type: Cleartext Storage of Sensitive Information...
Ewon Cosy+ Improper Neutralization / Cross Site Scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2024-016 Product: Ewon Cosy+ Manufacturer: HMS Industrial Networks AB Affected Versions: Firmware Versions: 21.2s10 and 22.1s3 Tested Versions: Firmware Version: 21.2s7 Vulnerability Type: Improper Neutralization of Input During We...
Ewon Cosy+ / Talk2M Remote Access Solution Improper Authentication
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2024-043 Product: Ewon Cosy+ / Talk2M Remote Access Solution Manufacturer: HMS Industrial Networks AB Affected Versions: N.A. Tested Versions: N.A. Vulnerability Type: Improper Authentication CWE-287 Risk Level: High Solution Statu...
Industrial Remote Access Tool Ewon Cosy+ Vulnerable to Root Access Attacks
Security vulnerabilities have been disclosed in the industrial remote access solution Ewon Cosy+ that could be abused to gain root privileges to the devices and stage follow-on attacks. The elevated access could then be weaponized to decrypt encrypted firmware files and encrypted data such as...
CVE-2020-10633
A non-persistent XSS cross-site scripting vulnerability exists in eWON Flexy and Cosy all firmware versions prior to 14.1s0. An attacker could send a specially crafted URL to initiate a password change for the device. The target must introduce the credentials to the gateway before the attack can ...
CVE-2020-10633
A non-persistent XSS cross-site scripting vulnerability exists in eWON Flexy and Cosy all firmware versions prior to 14.1s0. An attacker could send a specially crafted URL to initiate a password change for the device. The target must introduce the credentials to the gateway before the attack can ...
Cross site scripting
A non-persistent XSS cross-site scripting vulnerability exists in eWON Flexy and Cosy all firmware versions prior to 14.1s0. An attacker could send a specially crafted URL to initiate a password change for the device. The target must introduce the credentials to the gateway before the attack can ...
CVE-2020-10633
A non-persistent XSS cross-site scripting vulnerability exists in eWON Flexy and Cosy all firmware versions prior to 14.1s0. An attacker could send a specially crafted URL to initiate a password change for the device. The target must introduce the credentials to the gateway before the attack can ...
CVE-2020-10633
CVE-2020-10633 is a non-persistent Cross-Site Scripting (CWE-79) vulnerability in HMS Networks eWON Flexy and eWON Cosy firmware versions prior to 14.1s0. An attacker can send a crafted URL to initiate a password change on the device; the target must enter credentials to complete the attack. Affe...
HMS Networks eWON Flexy and eWON Cosy Cross-Site Scripting Vulnerabilities
HMS Networks eWON Flexy and HMS Networks eWON Cosy are both products of the Swedish company HMS Networks. HMS Networks eWON Flexy is an industrial VPN router. HMS Networks eWON Cosy is a gateway product for remote access. A cross-site scripting vulnerability exists in the HMS Networks eWON Flexy an...
HMS Networks eWON Flexy and Cosy
1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Exploitable remotely Vendor: HMS Networks Equipment: eWON Flexy and Cosy Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could initiate a password change. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS...