CVE-2024-33897

{"id": "CVE-2024-33897", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2024-08-06T14:16:03.870", "references": [{"url": "https://blog.syss.com/posts/hacking-a-secure-industrial-remote-access-gateway/", "source": "cve@mitre.org"}, {"url": "https://hmsnetworks.blob.core.windows.net/nlw/docs/default-source/products/cybersecurity/security-advisory/hms-security-advisory-2024-07-29-001--ewon-several-cosy--vulnerabilities.pdf", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.ewon.biz/products/cosy/ewon-cosy-wifi", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://www.hms-networks.com/cyber-security", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-425"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-425"}]}], "descriptions": [{"lang": "en", "value": "A compromised HMS Networks Cosy+ device could be used to request a Certificate Signing Request from Talk2m for another device, resulting in an availability issue. The issue was patched on the Talk2m production server on April 18, 2024."}, {"lang": "es", "value": "Un dispositivo HMS Networks Cosy+ comprometido podr\u00eda usarse para solicitar una solicitud de firma de certificado de Talk2m para otro dispositivo, lo que generar\u00eda un problema de disponibilidad. El problema se solucion\u00f3 en el servidor de producci\u00f3n de Talk2m el 18 de abril de 2024."}], "lastModified": "2024-08-12T16:15:15.177", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hms-networks:ewon_cosy\\+_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04E2B00A-5F5D-455D-84DA-4ABFA82A1863", "versionEndExcluding": "21.2s10", "versionStartIncluding": "21.0s0"}, {"criteria": "cpe:2.3:o:hms-networks:ewon_cosy\\+_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1873C613-5DB5-4BFB-A538-860E1BF6555B", "versionEndExcluding": "22.1s3", "versionStartIncluding": "22.0s0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hms-networks:ewon_cosy\\+:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "32438363-2228-41D7-915C-E54343F71E84"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}