Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-0432
PUBLISHED
More InfoOfficial Page
Assigner-icscert
Assigner Org ID-7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
View Known Exploited Vulnerability (KEV) details
Published At-28 Jan, 2025 | 15:56
Updated At-28 Jan, 2025 | 16:32
Rejected At-
▼CVE Numbering Authority (CNA)
HMS Networks Ewon Flexy 202 Cleartext Transmission of Sensitive Information

EWON Flexy 202 transmits user credentials in clear text with no encryption when a user is added, or user credentials are changed via its webpage.

Affected Products
Vendor
HMS Networks
Product
Ewon Flexy 202
Default Status
unaffected
Versions
Affected
  • All
Problem Types
TypeCWE IDDescription
CWECWE-319CWE-319 Cleartext Transmission of Sensitive Information
Type: CWE
CWE ID: CWE-319
Description: CWE-319 Cleartext Transmission of Sensitive Information
Metrics
VersionBase scoreBase severityVector
4.06.9MEDIUM
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3.15.7MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Version: 3.1
Base score: 5.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds

To ensure the highest level of security when using the Ewon Flexy device, HMS strongly recommend following these best practices: * Integrate with Talk2M Cloud: Always use the Flexy device in conjunction with Talk2M cloud. This guarantees a robust security level for your remote access connections. * Follow the the guidelines outlined here: Best Practices for Secure Usage of the Ewon Solution https://hmsnetworks.blob.core.windows.net/nlw/docs/default-source/products/ewon/manuals-and-guides---installation-guides/best-practices-for-a-secure-usage-of-the-ewon-solution-en.pdf * Disable Unused Protocols: Regularly review and disable any unsecure protocols that are not in use. Learn how to do this here: How to Block Unused Ewon Services https://support.hms-networks.com/hc/en-us/articles/19393244940818-How-to-block-all-the-unused-Ewon-Flexy-Cosy131-services-on-the-LAN-WAN-and-or-VPN-interface For further information, please visit the HMS Security Advisories https://www.hms-networks.com/cyber-security  page.

Exploits
Credits
finder
Khalid Markar, Parul Sindhwad and Dr. Faruk Kazi from CoE-CNDS Lab, VJTI, Mumbai, India reported this vulnerability to CISA
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cisa.gov/news-events/ics-advisories/icsa-25-023-06
N/A
https://www.hms-networks.com/cyber-security
N/A
https://hmsnetworks.blob.core.windows.net/nlw/docs/default-source/products/ewon/manuals-and-guides---installation-guides/best-practices-for-a-secure-usage-of-the-ewon-solution-en.pdf?sfvrsn=37160847_4
N/A
https://support.hms-networks.com/hc/en-us/articles/19393244940818-How-to-block-all-the-unused-Ewon-Flexy-Cosy131-services-on-the-LAN-WAN-and-or-VPN-interface
N/A
Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-25-023-06
Resource: N/A
Hyperlink: https://www.hms-networks.com/cyber-security
Resource: N/A
Hyperlink: https://hmsnetworks.blob.core.windows.net/nlw/docs/default-source/products/ewon/manuals-and-guides---installation-guides/best-practices-for-a-secure-usage-of-the-ewon-solution-en.pdf?sfvrsn=37160847_4
Resource: N/A
Hyperlink: https://support.hms-networks.com/hc/en-us/articles/19393244940818-How-to-block-all-the-unused-Ewon-Flexy-Cosy131-services-on-the-LAN-WAN-and-or-VPN-interface
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found