CVE Details
Basic Information
| Title | HMS Networks Ewon Flexy 202 Cleartext Transmission of Sensitive Information |
|---|---|
| Type | cve |
| Published | 2025-01-28T15:56:10.373Z |
| Modified | 2025-01-28T16:32:42.081Z |
Product Information
| Vendor | HMS Networks |
|---|---|
| Product | Ewon Flexy 202 |
| Version | All |
CVSS Information
| Base Score | 6.9 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
AI Analysis
| AI Description | The HMS Networks Ewon Flexy 202 device transmits user credentials in clear text without encryption when adding or changing user credentials via its web interface. |
|---|---|
| AI Severity | Medium |
| AI Vendor | HMS Networks |
| AI Product | Ewon Flexy 202 |
| AI Version | All |
Affected Products
- HMS Networks Ewon Flexy 202 All
Additional Information
| CWE List | CWE-319 |
|---|---|
| Source | icscert |
Description
EWON Flexy 202 transmits user credentials in clear text with no encryption when a user is added, or user credentials are changed via its webpage.
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-023-06
- https://www.hms-networks.com/cyber-security
- https://hmsnetworks.blob.core.windows.net/nlw/docs/default-source/products/ewon/manuals-and-guides—installation-guides/best-practices-for-a-secure-usage-of-the-ewon-solution-en.pdf?sfvrsn=37160847_4
- https://support.hms-networks.com/hc/en-us/articles/19393244940818-How-to-block-all-the-unused-Ewon-Flexy-Cosy131-services-on-the-LAN-WAN-and-or-VPN-interface