CVE-2024-33897 (GCVE-0-2024-33897)
Vulnerability from cvelistv5 – Published: 2024-08-06 00:00 – Updated: 2024-08-22 23:03
VLAI?
Summary
A compromised HMS Networks Cosy+ device could be used to request a Certificate Signing Request from Talk2m for another device, resulting in an availability issue. The issue was patched on the Talk2m production server on April 18, 2024.
Severity ?
9.1 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:hms-networks:ewon_cosy_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ewon_cosy_firmware",
"vendor": "hms-networks",
"versions": [
{
"lessThan": "21.2s10",
"status": "affected",
"version": "21.0",
"versionType": "custom"
},
{
"lessThan": "22.1s3",
"status": "affected",
"version": "22.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-33897",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T19:09:32.260175Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-425",
"description": "CWE-425 Direct Request (\u0027Forced Browsing\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-07T13:48:18.202Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-22T23:03:06.344Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Aug/24"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Aug/27"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A compromised HMS Networks Cosy+ device could be used to request a Certificate Signing Request from Talk2m for another device, resulting in an availability issue. The issue was patched on the Talk2m production server on April 18, 2024."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T15:29:37.232342",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.ewon.biz/products/cosy/ewon-cosy-wifi"
},
{
"url": "https://www.hms-networks.com/cyber-security"
},
{
"url": "https://hmsnetworks.blob.core.windows.net/nlw/docs/default-source/products/cybersecurity/security-advisory/hms-security-advisory-2024-07-29-001--ewon-several-cosy--vulnerabilities.pdf"
},
{
"url": "https://blog.syss.com/posts/hacking-a-secure-industrial-remote-access-gateway/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-33897",
"datePublished": "2024-08-06T00:00:00",
"dateReserved": "2024-04-28T00:00:00",
"dateUpdated": "2024-08-22T23:03:06.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hms-networks:ewon_cosy\\\\+_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"21.0s0\", \"versionEndExcluding\": \"21.2s10\", \"matchCriteriaId\": \"04E2B00A-5F5D-455D-84DA-4ABFA82A1863\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hms-networks:ewon_cosy\\\\+_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"22.0s0\", \"versionEndExcluding\": \"22.1s3\", \"matchCriteriaId\": \"1873C613-5DB5-4BFB-A538-860E1BF6555B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hms-networks:ewon_cosy\\\\+_4g_apac:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"26AE4359-63AD-4451-AACD-D621B9D422C7\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hms-networks:ewon_cosy\\\\+_4g_eu:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"95A7AEB3-53A0-4B77-8DFB-8E92E4B24462\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hms-networks:ewon_cosy\\\\+_4g_jp:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A0C2B08D-D645-4C04-B010-4FF85642F7B5\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hms-networks:ewon_cosy\\\\+_4g_na:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B85678D5-71F7-47EA-A21F-272BA9C02B33\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hms-networks:ewon_cosy\\\\+_ethernet:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6F5917C5-AD12-4FB3-9DBB-D757DC053427\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hms-networks:ewon_cosy\\\\+_wifi:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D1475F50-11AB-4290-8D1D-FFCA2245B0B3\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A compromised HMS Networks Cosy+ device could be used to request a Certificate Signing Request from Talk2m for another device, resulting in an availability issue. The issue was patched on the Talk2m production server on April 18, 2024.\"}, {\"lang\": \"es\", \"value\": \"Un dispositivo HMS Networks Cosy+ comprometido podr\\u00eda usarse para solicitar una solicitud de firma de certificado de Talk2m para otro dispositivo, lo que generar\\u00eda un problema de disponibilidad. El problema se solucion\\u00f3 en el servidor de producci\\u00f3n de Talk2m el 18 de abril de 2024.\"}]",
"id": "CVE-2024-33897",
"lastModified": "2024-11-21T09:17:41.393",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H\", \"baseScore\": 9.1, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.2}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H\", \"baseScore\": 9.1, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.2}]}",
"published": "2024-08-06T14:16:03.870",
"references": "[{\"url\": \"https://blog.syss.com/posts/hacking-a-secure-industrial-remote-access-gateway/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://hmsnetworks.blob.core.windows.net/nlw/docs/default-source/products/cybersecurity/security-advisory/hms-security-advisory-2024-07-29-001--ewon-several-cosy--vulnerabilities.pdf\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.ewon.biz/products/cosy/ewon-cosy-wifi\", \"source\": \"cve@mitre.org\", \"tags\": [\"Product\"]}, {\"url\": \"https://www.hms-networks.com/cyber-security\", \"source\": \"cve@mitre.org\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Aug/24\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Aug/27\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-425\"}]}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-425\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-33897\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2024-08-06T14:16:03.870\",\"lastModified\":\"2024-11-21T09:17:41.393\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A compromised HMS Networks Cosy+ device could be used to request a Certificate Signing Request from Talk2m for another device, resulting in an availability issue. The issue was patched on the Talk2m production server on April 18, 2024.\"},{\"lang\":\"es\",\"value\":\"Un dispositivo HMS Networks Cosy+ comprometido podr\u00eda usarse para solicitar una solicitud de firma de certificado de Talk2m para otro dispositivo, lo que generar\u00eda un problema de disponibilidad. El problema se solucion\u00f3 en el servidor de producci\u00f3n de Talk2m el 18 de abril de 2024.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-425\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-425\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hms-networks:ewon_cosy\\\\+_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"21.0s0\",\"versionEndExcluding\":\"21.2s10\",\"matchCriteriaId\":\"04E2B00A-5F5D-455D-84DA-4ABFA82A1863\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hms-networks:ewon_cosy\\\\+_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"22.0s0\",\"versionEndExcluding\":\"22.1s3\",\"matchCriteriaId\":\"1873C613-5DB5-4BFB-A538-860E1BF6555B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hms-networks:ewon_cosy\\\\+_4g_apac:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26AE4359-63AD-4451-AACD-D621B9D422C7\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hms-networks:ewon_cosy\\\\+_4g_eu:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95A7AEB3-53A0-4B77-8DFB-8E92E4B24462\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hms-networks:ewon_cosy\\\\+_4g_jp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0C2B08D-D645-4C04-B010-4FF85642F7B5\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hms-networks:ewon_cosy\\\\+_4g_na:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B85678D5-71F7-47EA-A21F-272BA9C02B33\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hms-networks:ewon_cosy\\\\+_ethernet:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F5917C5-AD12-4FB3-9DBB-D757DC053427\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hms-networks:ewon_cosy\\\\+_wifi:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1475F50-11AB-4290-8D1D-FFCA2245B0B3\"}]}]}],\"references\":[{\"url\":\"https://blog.syss.com/posts/hacking-a-secure-industrial-remote-access-gateway/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://hmsnetworks.blob.core.windows.net/nlw/docs/default-source/products/cybersecurity/security-advisory/hms-security-advisory-2024-07-29-001--ewon-several-cosy--vulnerabilities.pdf\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.ewon.biz/products/cosy/ewon-cosy-wifi\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\"]},{\"url\":\"https://www.hms-networks.com/cyber-security\",\"source\":\"cve@mitre.org\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://seclists.org/fulldisclosure/2024/Aug/24\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2024/Aug/27\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://seclists.org/fulldisclosure/2024/Aug/24\"}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Aug/27\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-22T23:03:06.344Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-33897\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-06T19:09:32.260175Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:o:hms-networks:ewon_cosy_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"hms-networks\", \"product\": \"ewon_cosy_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"21.0\", \"lessThan\": \"21.2s10\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"22.0\", \"lessThan\": \"22.1s3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-425\", \"description\": \"CWE-425 Direct Request (\u0027Forced Browsing\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-07T13:47:33.505Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://www.ewon.biz/products/cosy/ewon-cosy-wifi\"}, {\"url\": \"https://www.hms-networks.com/cyber-security\"}, {\"url\": \"https://hmsnetworks.blob.core.windows.net/nlw/docs/default-source/products/cybersecurity/security-advisory/hms-security-advisory-2024-07-29-001--ewon-several-cosy--vulnerabilities.pdf\"}, {\"url\": \"https://blog.syss.com/posts/hacking-a-secure-industrial-remote-access-gateway/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A compromised HMS Networks Cosy+ device could be used to request a Certificate Signing Request from Talk2m for another device, resulting in an availability issue. The issue was patched on the Talk2m production server on April 18, 2024.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2024-08-12T15:29:37.232342\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-33897\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-22T23:03:06.344Z\", \"dateReserved\": \"2024-04-28T00:00:00\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2024-08-06T00:00:00\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…