Vulnerability Description
A non-persistent XSS (cross-site scripting) vulnerability exists in eWON Flexy and Cosy (all firmware versions prior to 14.1s0). An attacker could send a specially crafted URL to initiate a password change for the device. The target must introduce the credentials to the gateway before the attack can be successful.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hms-Networks | Ewon Flexy Firmware | < 14.1s0 |
| Hms-Networks | Ewon Flexy | - |
| Hms-Networks | Ewon Cosy Firmware | < 14.1s0 |
| Hms-Networks | Ewon Cosy | - |
Related Weaknesses (CWE)
References
- https://www.us-cert.gov/ics/advisories/icsa-20-098-03Third Party AdvisoryUS Government Resource
- https://www.us-cert.gov/ics/advisories/icsa-20-098-03Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2020-10633?
CVE-2020-10633 is a vulnerability with a CVSS score of 6.1 (MEDIUM). A non-persistent XSS (cross-site scripting) vulnerability exists in eWON Flexy and Cosy (all firmware versions prior to 14.1s0). An attacker could send a specially crafted URL to initiate a password c...
How severe is CVE-2020-10633?
CVE-2020-10633 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-10633?
Check the references section above for vendor advisories and patch information. Affected products include: Hms-Networks Ewon Flexy Firmware, Hms-Networks Ewon Flexy, Hms-Networks Ewon Cosy Firmware, Hms-Networks Ewon Cosy.