This is a vulnerability announcement that includes steps to reduce the risk of exploitation on your devices. Further information can be obtained from
The vulnerability could allow third parties to gain access to confidential information. It exists in firmware below version 14.1, and patching is recommended as soon as possible because of the low skill required to implement the exploit.
HMS Networks provided updated firmware on September 9, 2020 that addresses this vulnerability: https://ewon.biz/technical-support/pages/all-downloads
Detailed threat definition: https://cwe.mitre.org/data/definitions/942.html
How do I protect my equipment from the vulnerability?
The following are suggested steps and should be implemented at your own risk. Always be aware of the Tolerable Risk in your organization.
- Create or review a list of assets that includes Ewon Flexy or Cosy devices and the active firmware on each device, to determine which, if any, need to be updated.
- Download the latest firmware from the manufacturer's website https://ewon.biz/technical-support/pages/all-downloads . The latest version as of this publication is 14.3 (released on 20200909).
- Verify the integrity of the downloaded file.
- Review deployment options and procedure to see how the upgrade will affect existing settings, firewall rules, and VPN configuration.
- Develop and test a back-out plan to ensure that your system will remain operational in the event of a failed firmware update. Do not perform a firmware update over a wireless connection! Do not power cycle a device during a firmware update.
- Schedule an upgrade time that has minimal impact on operations. Check the release information for anything that may http://cdn.ewon.biz/eBuddyDnl/release.txt
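The inventory and integrity-check steps above can be scripted. The following is an added example, not part of the original announcement or any HMS Networks tooling. The inventory column names, the `major.minor` version format, the device names, and the availability of a SHA-256 digest for the firmware file are all assumptions.

```python
import csv
import hashlib
import hmac
import io
import re

FIXED_IN = (14, 1)  # from the announcement: firmware below 14.1 is affected

# Constructed sample inventory; column names and version format are assumptions.
SAMPLE_INVENTORY = """name,model,firmware
line1-gw,Flexy,13.2
line2-gw,Cosy,14.1
pump-gw,Cosy,14.3
lab-gw,Flexy,
"""

def parse_version(text):
    """Return (major, minor), or None when the field is empty or unparsable."""
    m = re.match(r"\s*(\d+)\.(\d+)", text or "")
    return (int(m.group(1)), int(m.group(2))) if m else None

def triage(inventory_csv):
    """Sort devices into 'update', 'ok' and 'unknown' (needs a manual check)."""
    result = {"update": [], "ok": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        version = parse_version(row.get("firmware"))
        if version is None:
            bucket = "unknown"  # never assume an unreadable version is patched
        elif version < FIXED_IN:
            bucket = "update"
        else:
            bucket = "ok"
        result[bucket].append(row["name"])
    return result

def sha256_matches(path, expected_hex):
    """Hash the downloaded file in chunks and compare with the expected digest."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return hmac.compare_digest(digest.hexdigest(), expected_hex.strip().lower())

if __name__ == "__main__":
    for bucket, names in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```

Devices in the `unknown` bucket have no readable firmware version and should be checked by hand before they are treated as patched.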
For assistance or clarification on any of these steps, please contact our Industrial Cybersecurity support team.