Vulnerability Description
A compromised HMS Networks Cosy+ device could be used to request a Certificate Signing Request from Talk2m for another device, resulting in an availability issue. The issue was patched on the Talk2m production server on April 18, 2024.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hms-Networks | Ewon Cosy+ Firmware | >= 21.0s0, < 21.2s10 |
| Hms-Networks | Ewon Cosy+ 4G Apac | - |
| Hms-Networks | Ewon Cosy+ 4G Eu | - |
| Hms-Networks | Ewon Cosy+ 4G Jp | - |
| Hms-Networks | Ewon Cosy+ 4G Na | - |
| Hms-Networks | Ewon Cosy+ Ethernet | - |
| Hms-Networks | Ewon Cosy+ Wifi | - |
References
- https://blog.syss.com/posts/hacking-a-secure-industrial-remote-access-gateway/ (Exploit, Third Party Advisory)
- https://hmsnetworks.blob.core.windows.net/nlw/docs/default-source/products/cyber (Vendor Advisory)
- https://www.ewon.biz/products/cosy/ewon-cosy-wifi (Product)
- https://www.hms-networks.com/cyber-security (Not Applicable)
- http://seclists.org/fulldisclosure/2024/Aug/24
- http://seclists.org/fulldisclosure/2024/Aug/27
FAQ
What is CVE-2024-33897?
CVE-2024-33897 is a vulnerability with a CVSS score of 9.1 (CRITICAL). A compromised HMS Networks Cosy+ device could be used to request a Certificate Signing Request from Talk2m for another device, resulting in an availability issue. The issue was patched on the Talk2m p...
How severe is CVE-2024-33897?
CVE-2024-33897 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-33897?
Check the references section above for vendor advisories and patch information. Affected products include: Hms-Networks Ewon Cosy+ Firmware, Hms-Networks Ewon Cosy+ 4G Apac, Hms-Networks Ewon Cosy+ 4G Eu, Hms-Networks Ewon Cosy+ 4G Jp, Hms-Networks Ewon Cosy+ 4G Na.