Vulnerability Details CVE-2024-33897
A compromised HMS Networks Cosy+ device could be used to request a Certificate Signing Request from Talk2m for another device, resulting in an availability issue. The issue was patched on the Talk2m production server on April 18, 2024.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.2%
CVSS Severity
CVSS v3 Score 9.1
References
- https://blog.syss.com/posts/hacking-a-secure-industrial-remote-access-gateway/
- https://hmsnetworks.blob.core.windows.net/nlw/docs/default-source/products/cybersecurity/security-advisory/hms-security-advisory-2024-07-29-001--ewon-several-cosy--vulnerabilities.pdf
- https://www.ewon.biz/products/cosy/ewon-cosy-wifi
- https://www.hms-networks.com/cyber-security
- http://seclists.org/fulldisclosure/2024/Aug/24
- http://seclists.org/fulldisclosure/2024/Aug/27
Products affected by CVE-2024-33897
-
cpe:2.3:h:hms-networks:ewon_cosy+_4g_apac:-
-
cpe:2.3:h:hms-networks:ewon_cosy+_4g_eu:-
-
cpe:2.3:h:hms-networks:ewon_cosy+_4g_jp:-
-
cpe:2.3:h:hms-networks:ewon_cosy+_4g_na:-
-
cpe:2.3:h:hms-networks:ewon_cosy+_ethernet:-
-
cpe:2.3:h:hms-networks:ewon_cosy+_wifi:-
-
cpe:2.3:o:hms-networks:ewon_cosy+_firmware:21.0s0
-
cpe:2.3:o:hms-networks:ewon_cosy+_firmware:21.0s1
-
cpe:2.3:o:hms-networks:ewon_cosy+_firmware:21.1s1
-
cpe:2.3:o:hms-networks:ewon_cosy+_firmware:21.2s0
-
cpe:2.3:o:hms-networks:ewon_cosy+_firmware:21.2s1
-
cpe:2.3:o:hms-networks:ewon_cosy+_firmware:21.2s2
-
cpe:2.3:o:hms-networks:ewon_cosy+_firmware:21.2s3
-
cpe:2.3:o:hms-networks:ewon_cosy+_firmware:21.2s4
-
cpe:2.3:o:hms-networks:ewon_cosy+_firmware:21.2s7
-
cpe:2.3:o:hms-networks:ewon_cosy+_firmware:21.2s8
-
cpe:2.3:o:hms-networks:ewon_cosy+_firmware:22.0s0
-
cpe:2.3:o:hms-networks:ewon_cosy+_firmware:22.0s1
-
cpe:2.3:o:hms-networks:ewon_cosy+_firmware:22.1s0
-
cpe:2.3:o:hms-networks:ewon_cosy+_firmware:22.1s0pr