CVE-2024-33897

A compromised HMS Networks Cosy+ device could be used to request a Certificate Signing Request from Talk2m for another device, resulting in an availability issue. The issue was patched on the Talk2m production server on April 18, 2024.
Configurations

Configuration 1

AND
OR cpe:2.3:o:hms-networks:ewon_cosy\+_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hms-networks:ewon_cosy\+_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:hms-networks:ewon_cosy\+_4g_apac:-:*:*:*:*:*:*:*
cpe:2.3:h:hms-networks:ewon_cosy\+_4g_eu:-:*:*:*:*:*:*:*
cpe:2.3:h:hms-networks:ewon_cosy\+_4g_jp:-:*:*:*:*:*:*:*
cpe:2.3:h:hms-networks:ewon_cosy\+_4g_na:-:*:*:*:*:*:*:*
cpe:2.3:h:hms-networks:ewon_cosy\+_ethernet:-:*:*:*:*:*:*:*
cpe:2.3:h:hms-networks:ewon_cosy\+_wifi:-:*:*:*:*:*:*:*

History

21 Nov 2024, 09:17

Type Values Removed Values Added
References
  • () http://seclists.org/fulldisclosure/2024/Aug/24 -
  • () http://seclists.org/fulldisclosure/2024/Aug/27 -

10 Oct 2024, 13:00

Type Values Removed Values Added
First Time Hms-networks ewon Cosy\+ Ethernet
Hms-networks ewon Cosy\+ 4g Jp
Hms-networks ewon Cosy\+ 4g Apac
Hms-networks ewon Cosy\+ 4g Na
Hms-networks ewon Cosy\+ Wifi
Hms-networks ewon Cosy\+ 4g Eu
CPE cpe:2.3:h:hms-networks:ewon_cosy\+:-:*:*:*:*:*:*:* cpe:2.3:h:hms-networks:ewon_cosy\+_4g_apac:-:*:*:*:*:*:*:*
cpe:2.3:h:hms-networks:ewon_cosy\+_ethernet:-:*:*:*:*:*:*:*
cpe:2.3:h:hms-networks:ewon_cosy\+_4g_jp:-:*:*:*:*:*:*:*
cpe:2.3:h:hms-networks:ewon_cosy\+_4g_na:-:*:*:*:*:*:*:*
cpe:2.3:h:hms-networks:ewon_cosy\+_wifi:-:*:*:*:*:*:*:*
cpe:2.3:h:hms-networks:ewon_cosy\+_4g_eu:-:*:*:*:*:*:*:*
References () https://blog.syss.com/posts/hacking-a-secure-industrial-remote-access-gateway/ - () https://blog.syss.com/posts/hacking-a-secure-industrial-remote-access-gateway/ - Exploit, Third Party Advisory
References () https://www.hms-networks.com/cyber-security - Vendor Advisory () https://www.hms-networks.com/cyber-security - Not Applicable

12 Aug 2024, 16:15

Type Values Removed Values Added
First Time Hms-networks ewon Cosy\+ Firmware
Hms-networks
Hms-networks ewon Cosy\+
CPE cpe:2.3:h:hms-networks:ewon_cosy\+:-:*:*:*:*:*:*:*
cpe:2.3:o:hms-networks:ewon_cosy\+_firmware:*:*:*:*:*:*:*:*
References
  • () https://blog.syss.com/posts/hacking-a-secure-industrial-remote-access-gateway/ -
References () https://hmsnetworks.blob.core.windows.net/nlw/docs/default-source/products/cybersecurity/security-advisory/hms-security-advisory-2024-07-29-001--ewon-several-cosy--vulnerabilities.pdf - () https://hmsnetworks.blob.core.windows.net/nlw/docs/default-source/products/cybersecurity/security-advisory/hms-security-advisory-2024-07-29-001--ewon-several-cosy--vulnerabilities.pdf - Vendor Advisory
References () https://www.ewon.biz/products/cosy/ewon-cosy-wifi - () https://www.ewon.biz/products/cosy/ewon-cosy-wifi - Product
References () https://www.hms-networks.com/cyber-security - () https://www.hms-networks.com/cyber-security - Vendor Advisory

07 Aug 2024, 14:35

Type Values Removed Values Added
Summary
  • (es) A compromised HMS Networks Cosy+ device could be used to request a Certificate Signing Request from Talk2m for another device, resulting in an availability issue. The issue was patched on the Talk2m production server on April 18, 2024.
CVSS
  • Values Removed: v2 : unknown, v3 : unknown
  • Values Added: v2 : unknown, v3 : 9.1
CWE CWE-425

06 Aug 2024, 14:16

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-06 14:16

Updated : 2024-11-21 09:17


NVD link : CVE-2024-33897

Mitre link : CVE-2024-33897

CVE.ORG link : CVE-2024-33897



Products Affected

hms-networks

  • ewon_cosy\+_4g_apac
  • ewon_cosy\+_4g_jp
  • ewon_cosy\+_ethernet
  • ewon_cosy\+_firmware
  • ewon_cosy\+_4g_na
  • ewon_cosy\+_4g_eu
  • ewon_cosy\+_wifi
CWE
CWE-425

Direct Request ('Forced Browsing')