Vulnerability Details CVE-2024-33897
A compromised HMS Networks Cosy+ device could be used to request a Certificate Signing Request from Talk2m for another device, resulting in an availability issue. The issue was patched on the Talk2m production server on April 18, 2024.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.7%
CVSS Severity
CVSS v3 Score 9.1
References
- https://blog.syss.com/posts/hacking-a-secure-industrial-remote-access-gateway/
- https://hmsnetworks.blob.core.windows.net/nlw/docs/default-source/products/cybersecurity/security-advisory/hms-security-advisory-2024-07-29-001--ewon-several-cosy--vulnerabilities.pdf
- https://www.ewon.biz/products/cosy/ewon-cosy-wifi
- https://www.hms-networks.com/cyber-security
- http://seclists.org/fulldisclosure/2024/Aug/24
- http://seclists.org/fulldisclosure/2024/Aug/27
Products affected by CVE-2024-33897
-
cpe:2.3:h:hms-networks:ewon_cosy+_4g_apac:-
-
cpe:2.3:h:hms-networks:ewon_cosy+_4g_eu:-
-
cpe:2.3:h:hms-networks:ewon_cosy+_4g_jp:-
-
cpe:2.3:h:hms-networks:ewon_cosy+_4g_na:-
-
cpe:2.3:h:hms-networks:ewon_cosy+_ethernet:-
-
cpe:2.3:h:hms-networks:ewon_cosy+_wifi:-
-
cpe:2.3:o:hms-networks:ewon_cosy+_firmware:21.0s0
-
cpe:2.3:o:hms-networks:ewon_cosy+_firmware:21.0s1
-
cpe:2.3:o:hms-networks:ewon_cosy+_firmware:21.1s1
-
cpe:2.3:o:hms-networks:ewon_cosy+_firmware:21.2s0
-
cpe:2.3:o:hms-networks:ewon_cosy+_firmware:21.2s1
-
cpe:2.3:o:hms-networks:ewon_cosy+_firmware:21.2s2
-
cpe:2.3:o:hms-networks:ewon_cosy+_firmware:21.2s3
-
cpe:2.3:o:hms-networks:ewon_cosy+_firmware:21.2s4
-
cpe:2.3:o:hms-networks:ewon_cosy+_firmware:21.2s7
-
cpe:2.3:o:hms-networks:ewon_cosy+_firmware:21.2s8
-
cpe:2.3:o:hms-networks:ewon_cosy+_firmware:22.0s0
-
cpe:2.3:o:hms-networks:ewon_cosy+_firmware:22.0s1
-
cpe:2.3:o:hms-networks:ewon_cosy+_firmware:22.1s0
-
cpe:2.3:o:hms-networks:ewon_cosy+_firmware:22.1s0pr