HMS Networks EWON FLEXY 202


1. EXECUTIVE SUMMARY

  • CVSS v4 7.1
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: HMS Networks
  • Equipment: EWON FLEXY 202
  • Vulnerability: Insufficiently Protected Credentials

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to sniff and decode credentials that are transmitted using weak encoding techniques.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of EWON FLEXY 202, an industrial modular gateway, are affected:

  • EWON FLEXY 202: Firmware Version 14.2s0

3.2 VULNERABILITY OVERVIEW

3.2.1 CWE-522: Insufficiently Protected Credentials

The EWON FLEXY 202 transmits credentials using a weak encoding method, base64. Because base64 is a reversible encoding and not encryption, an attacker who is present on the network can sniff the traffic and decode the credentials.

CVE-2024-7755 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).

A CVSS v4 score has also been calculated for CVE-2024-7755. A base score of 7.1 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N).
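
The following audit check is an added example, not part of the advisory or of HMS Networks' code. It scans cleartext application traffic you have captured on your own network for credential fields that are only base64-encoded, and reports them with the value redacted. The header and field names and the sample lines are constructed assumptions; the advisory does not describe the device's actual message format.

```python
import base64
import binascii
import re

# Candidate tokens: runs of the base64 alphabet, 8+ chars, optional padding.
B64_TOKEN = re.compile(r"(?<![A-Za-z0-9+/])[A-Za-z0-9+/]{8,}={0,2}(?![A-Za-z0-9+/=])")
# Field names that hint at a credential (assumed names; heuristic only).
CRED_HINT = re.compile(r"(authorization|passw|pwd|login|user|cred)", re.I)


def decodes_to_text(token: str) -> bool:
    """True if token is valid base64 whose decoded bytes are printable ASCII."""
    if len(token) % 4:
        return False
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return False
    return len(raw) >= 4 and all(0x20 <= b < 0x7F for b in raw)


def audit_cleartext(lines):
    """Return (line_number, redacted_line) for lines with encoded-only credentials."""
    findings = []
    for n, line in enumerate(lines, 1):
        if not CRED_HINT.search(line):
            continue
        hits = [m.group(0) for m in B64_TOKEN.finditer(line) if decodes_to_text(m.group(0))]
        if hits:
            redacted = line
            for h in hits:  # never write the recoverable secret into the report
                redacted = redacted.replace(h, "<base64 text, %d chars>" % len(h))
            findings.append((n, redacted))
    return findings


# Constructed sample of cleartext traffic (not captured from a real device).
SAMPLE = [
    "GET /status HTTP/1.1",
    "Authorization: Basic " + base64.b64encode(b"operator:example-pass").decode(),
    "X-Session: 9f8a7c6b5d4e3f2a",
    "user=admin&pwd=" + base64.b64encode(b"constructed-secret").decode(),
    "Content-Type: text/plain",
]

if __name__ == "__main__":
    for n, line in audit_cleartext(SAMPLE):
        print(f"line {n}: {line}")
```

Any finding means the credential is recoverable by anyone who can observe that traffic, so the flow needs transport encryption or network isolation.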

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Water and Wastewater Systems, Energy, and Food and Agriculture
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Sweden


This article has been indexed from All CISA Advisories
