CVE-2024-33892 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitre	CNA	---				---
CISA-ADP	ADP	5.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 24%

Vendor	Product	Version
hms-networks	ewon_cosy\+_firmware	21.0s0 ≤ 𝑥 < 21.2s10
hms-networks	ewon_cosy\+_firmware	22.0s0 ≤ 𝑥 < 22.1s3

𝑥

= Vulnerable software versions

Known Exploits!

https://blog.syss.com/posts/hacking-a-secure-industrial-remote-access-gateway/

Common Weakness Enumeration

CWE-312 - Cleartext Storage of Sensitive Information
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
CWE-281 - Improper Preservation of Permissions
The software does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

References

https://blog.syss.com/posts/hacking-a-secure-industrial-remote-access-gateway/

https://hmsnetworks.blob.core.windows.net/nlw/docs/default-source/products/cybersecurity/security-advisory/hms-security-advisory-2024-07-29-001--ewon-several-cosy--vulnerabilities.pdf

https://www.ewon.biz/products/cosy/ewon-cosy-wifi

https://www.hms-networks.com/cyber-security