Recently, severe security flaws were identified in the Ewon Cosy+ industrial remote access devices, which could allow attackers to gain complete control over the systems. This vulnerability presents a serious risk, as it could lead to unauthorised access, allowing attackers to decrypt sensitive data, steal credentials, and hijack VPN sessions to launch further attacks on industrial networks.
Root Access Exploits and VPN Session Hijacking
Security researcher Moritz Abrell from SySS GmbH brought these critical vulnerabilities to light during a presentation at DEF CON 32. The identified flaws could enable attackers to achieve root-level access on Ewon Cosy+ devices, providing them with the ability to decrypt protected firmware and data, such as passwords stored in configuration files. More alarmingly, attackers could obtain valid VPN certificates, enabling them to take over VPN sessions, thereby compromising the security of both the devices and the connected industrial networks.
Ewon, in response to these findings, issued a security update on July 29, 2024, which addresses these vulnerabilities in the latest firmware versions. The update tackles several issues, including data leaks through cookies, cross-site scripting (XSS) vulnerabilities, and improper encryption practices. Notably, the update fixes critical issues such as the ability to execute processes with elevated privileges and vulnerabilities that could allow attackers to inject malicious code.
How the Vulnerabilities Were Exploited
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents