Vulnerabilities > HMS Networks

DATE CVE VULNERABILITY TITLE RISK
2024-08-06 CVE-2024-33897 Forced Browsing vulnerability in Hms-Networks Ewon Cosy+ Firmware
A compromised HMS Networks Cosy+ device could be used to request a Certificate Signing Request from Talk2m for another device, resulting in an availability issue.
network
low complexity
hms-networks CWE-425
critical
9.1
2024-08-02 CVE-2024-33892 Cleartext Storage of Sensitive Information vulnerability in Hms-Networks Ewon Cosy+ Firmware
Because of an Insecure Permissions vulnerability, Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are susceptible to leaking information through cookies.
network
low complexity
hms-networks CWE-312
7.5
2024-08-02 CVE-2024-33893 Cross-site Scripting vulnerability in Hms-Networks Ewon Cosy+ Firmware
Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are vulnerable to XSS when displaying the logs due to improper input sanitization.
network
low complexity
hms-networks CWE-79
6.1
2024-08-02 CVE-2024-33895 Use of Hard-coded Credentials vulnerability in Hms-Networks Ewon Cosy+ Firmware
Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 use a unique key to encrypt the configuration parameters.
low complexity
hms-networks CWE-798
6.6
2024-08-02 CVE-2024-33896 OS Command Injection vulnerability in Hms-Networks Ewon Cosy+ Firmware
Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are vulnerable to code injection due to improper parameter blacklisting.
network
low complexity
hms-networks CWE-78
7.2
2024-07-25 CVE-2024-6558 Cross-site Scripting vulnerability in Hms-Networks products
HMS Industrial Networks Anybus-CompactCom 30 products are vulnerable to an XSS attack caused by the lack of input sanitation checks.
network
low complexity
hms-networks CWE-79
6.1
2021-07-09 CVE-2021-33214 Incorrect Default Permissions vulnerability in Hms-Networks Ecatcher
In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users to access files that could lead to sensitive information disclosure, modification of configuration files, or disruption of normal system operation.
6.0
2020-09-18 CVE-2020-16230 Unspecified vulnerability in Hms-Networks Ewon Cosy Firmware and Ewon Flexy Firmware
All versions of Ewon Flexy and Cosy prior to 14.1 use wildcards such as (*) under which domains can request resources.
local
low complexity
hms-networks
2.1
2020-08-26 CVE-2020-14498 Out-of-bounds Write vulnerability in Hms-Networks Ecatcher
HMS Industrial Networks AB eCatcher all versions prior to 6.5.5 is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.
network
low complexity
hms-networks CWE-787
critical
10.0
2020-04-08 CVE-2020-10633 Cross-site Scripting vulnerability in Hms-Networks Ewon Cosy Firmware and Ewon Flexy Firmware
A non-persistent XSS (cross-site scripting) vulnerability exists in eWON Flexy and Cosy (all firmware versions prior to 14.1s0).
4.3