Vulnerabilities > HMS Networks
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-08-06 | CVE-2024-33897 | Forced Browsing vulnerability in Hms-Networks Ewon Cosy+ Firmware: A compromised HMS Networks Cosy+ device could be used to request a Certificate Signing Request from Talk2m for another device, resulting in an availability issue. | 9.1 |
2024-08-02 | CVE-2024-33892 | Cleartext Storage of Sensitive Information vulnerability in Hms-Networks Ewon Cosy+ Firmware: Insecure Permissions vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are susceptible to leaking information through cookies. | 7.5 |
2024-08-02 | CVE-2024-33893 | Cross-site Scripting vulnerability in Hms-Networks Ewon Cosy+ Firmware: Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are vulnerable to XSS when displaying the logs due to improper input sanitization. | 6.1 |
2024-08-02 | CVE-2024-33895 | Use of Hard-coded Credentials vulnerability in Hms-Networks Ewon Cosy+ Firmware: Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 use a unique key to encrypt the configuration parameters. | 6.6 |
2024-08-02 | CVE-2024-33896 | OS Command Injection vulnerability in Hms-Networks Ewon Cosy+ Firmware: Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are vulnerable to code injection due to improper parameter blacklisting. | 7.2 |
2024-07-25 | CVE-2024-6558 | Cross-site Scripting vulnerability in Hms-Networks products: HMS Industrial Networks Anybus-CompactCom 30 products are vulnerable to an XSS attack caused by the lack of input sanitation checks. | 6.1 |
2021-07-09 | CVE-2021-33214 | Incorrect Default Permissions vulnerability in Hms-Networks Ecatcher: In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users to access files that could lead to sensitive information disclosure, modification of configuration files, or disruption of normal system operation. | 6.0 |
2020-09-18 | CVE-2020-16230 | Unspecified vulnerability in Hms-Networks Ewon Cosy Firmware and Ewon Flexy Firmware: All versions of Ewon Flexy and Cosy prior to 14.1 use wildcards such as (*) under which domains can request resources. | 2.1 |
2020-08-26 | CVE-2020-14498 | Out-of-bounds Write vulnerability in Hms-Networks Ecatcher: HMS Industrial Networks AB eCatcher all versions prior to 6.5.5 is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code. | 10.0 |
2020-04-08 | CVE-2020-10633 | Cross-site Scripting vulnerability in Hms-Networks Ewon Cosy Firmware and Ewon Flexy Firmware: A non-persistent XSS (cross-site scripting) vulnerability exists in eWON Flexy and Cosy (all firmware versions prior to 14.1s0). | 4.3 |