CVE-2024-33892

Insecure Permissions vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are susceptible to leaking information through cookies. This is fixed in version 21.2s10 and 22.1s3
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:hms-networks:ewon_cosy\+_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hms-networks:ewon_cosy\+_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:hms-networks:ewon_cosy\+_4g_apac:-:*:*:*:*:*:*:*
cpe:2.3:h:hms-networks:ewon_cosy\+_4g_eu:-:*:*:*:*:*:*:*
cpe:2.3:h:hms-networks:ewon_cosy\+_4g_jp:-:*:*:*:*:*:*:*
cpe:2.3:h:hms-networks:ewon_cosy\+_4g_na:-:*:*:*:*:*:*:*
cpe:2.3:h:hms-networks:ewon_cosy\+_ethernet:-:*:*:*:*:*:*:*
cpe:2.3:h:hms-networks:ewon_cosy\+_wifi:-:*:*:*:*:*:*:*

History

03 Sep 2024, 19:18

Type Values Removed Values Added
References () https://blog.syss.com/posts/hacking-a-secure-industrial-remote-access-gateway/ - () https://blog.syss.com/posts/hacking-a-secure-industrial-remote-access-gateway/ - Exploit, Third Party Advisory
References () https://hmsnetworks.blob.core.windows.net/nlw/docs/default-source/products/cybersecurity/security-advisory/hms-security-advisory-2024-07-29-001--ewon-several-cosy--vulnerabilities.pdf - () https://hmsnetworks.blob.core.windows.net/nlw/docs/default-source/products/cybersecurity/security-advisory/hms-security-advisory-2024-07-29-001--ewon-several-cosy--vulnerabilities.pdf - Vendor Advisory
References () https://www.ewon.biz/products/cosy/ewon-cosy-wifi - () https://www.ewon.biz/products/cosy/ewon-cosy-wifi - Product
References () https://www.hms-networks.com/cyber-security - () https://www.hms-networks.com/cyber-security - Product
First Time Hms-networks ewon Cosy\+ 4g Na
Hms-networks ewon Cosy\+ Wifi
Hms-networks ewon Cosy\+ 4g Apac
Hms-networks ewon Cosy\+ 4g Jp
Hms-networks ewon Cosy\+ Firmware
Hms-networks ewon Cosy\+ 4g Eu
Hms-networks ewon Cosy\+ Ethernet
Hms-networks
CWE CWE-312
CVSS v2 : unknown
v3 : 5.3
v2 : unknown
v3 : 7.5
CPE cpe:2.3:h:hms-networks:ewon_cosy\+_ethernet:-:*:*:*:*:*:*:*
cpe:2.3:o:hms-networks:ewon_cosy\+_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hms-networks:ewon_cosy\+_4g_eu:-:*:*:*:*:*:*:*
cpe:2.3:h:hms-networks:ewon_cosy\+_wifi:-:*:*:*:*:*:*:*
cpe:2.3:h:hms-networks:ewon_cosy\+_4g_na:-:*:*:*:*:*:*:*
cpe:2.3:h:hms-networks:ewon_cosy\+_4g_jp:-:*:*:*:*:*:*:*
cpe:2.3:h:hms-networks:ewon_cosy\+_4g_apac:-:*:*:*:*:*:*:*

12 Aug 2024, 16:15

Type Values Removed Values Added
References
  • () https://blog.syss.com/posts/hacking-a-secure-industrial-remote-access-gateway/ -

07 Aug 2024, 17:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.3
CWE CWE-281

05 Aug 2024, 12:41

Type Values Removed Values Added
Summary
  • (es) La vulnerabilidad de permisos inseguros en dispositivos Cosy+ que ejecutan un firmware 21.x inferior a 21.2s10 o un firmware 22.x inferior a 22.1s3 son susceptibles de filtrar información a través de cookies. Esto está solucionado en la versión 21.2s10 y 22.1s3.

02 Aug 2024, 18:16

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-02 18:16

Updated : 2024-09-03 19:18


NVD link : CVE-2024-33892

Mitre link : CVE-2024-33892

CVE.ORG link : CVE-2024-33892


JSON object : View

Products Affected

hms-networks

  • ewon_cosy\+_4g_eu
  • ewon_cosy\+_4g_apac
  • ewon_cosy\+_4g_jp
  • ewon_cosy\+_wifi
  • ewon_cosy\+_firmware
  • ewon_cosy\+_4g_na
  • ewon_cosy\+_ethernet
CWE
CWE-312

Cleartext Storage of Sensitive Information

CWE-281

Improper Preservation of Permissions