
Cybersecurity Advisory - Ewon Flexy and Cosy with Firmware Prior to 14.1

This is a vulnerability announcement that includes steps to reduce the risk of exploitation on your devices. Further information can be obtained from the Canadian Centre for Cyber Security.

The vulnerability could allow third parties to gain access to confidential information. It exists in firmware below version 14.1, and patching is recommended as soon as possible because exploiting it requires little skill.

HMS Networks provided updated firmware on September 9, 2020 that addresses this vulnerability: https://ewon.biz/technical-support/pages/all-downloads

Detailed Threat Definition: https://cwe.mitre.org/data/definitions/942.html

How do I protect my equipment from the vulnerability?

The following are suggested steps and should be implemented at your own risk. Always be aware of the Tolerable Risk in your organization.

  1. Create or review a list of assets that includes Ewon Flexy or Cosy devices, with the active firmware on each device, to determine which, if any, need to be updated.
  2. Download the latest firmware from the manufacturer website https://ewon.biz/technical-support/pages/all-downloads. The latest version as of this publication is 14.3 (released on 20200909).
  3. Verify the integrity of the downloaded file.
  4. Review deployment options and procedure to see how the upgrade will affect existing settings, firewall rules, and VPN configuration.
  5. Develop and test a back-out plan to ensure that your system will remain operational in the event of a failed firmware update. Do not perform a firmware update over a wireless connection! Do not power cycle a device during a firmware update.
  6. Schedule an upgrade time that has minimal impact on operations. Check the release information for anything that may http://cdn.ewon.biz/eBuddyDnl/release.txt
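
Steps 1 and 3 can be scripted. The following is an added example, not part of the original advisory and not HMS Networks tooling. It assumes an inventory CSV with `name`, `model` and `firmware` columns, firmware strings such as `13.2s1` or `14.3`, and a reference SHA-256 digest obtained from the vendor through a trusted channel; the sample rows are constructed.

```python
import csv, hashlib, hmac, io, re

FIXED = (14, 1)  # per the advisory: firmware below 14.1 is affected

# Constructed sample inventory; names and versions are made up.
SAMPLE_INVENTORY = """name,model,firmware
pump-house-1,Flexy 205,13.2s1
boiler-vpn,Cosy 131,14.3
line4-gw,Flexy 205,14.0s0
office-sw,Managed switch,2.7
lift-station,Cosy 131,unknown
"""

def parse_version(text):
    """Return (major, minor) from strings like '13.2s1' or '14.3', else None."""
    m = re.match(r"\s*(\d+)\.(\d+)", text)
    return (int(m.group(1)), int(m.group(2))) if m else None

def triage(inventory_csv):
    """Sort Ewon Flexy/Cosy rows into update / ok / verify (version unknown)."""
    result = {"update": [], "ok": [], "verify": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if not re.search(r"\b(flexy|cosy)\b", row["model"], re.I):
            continue  # device is out of scope for this advisory
        version = parse_version(row["firmware"])
        if version is None:
            result["verify"].append(row["name"])  # unrecorded: check on the device
        elif version < FIXED:
            result["update"].append(row["name"])
        else:
            result["ok"].append(row["name"])
    return result

def sha256_matches(path, expected_hex):
    """Hash the downloaded file in chunks and compare to the reference digest."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return hmac.compare_digest(digest.hexdigest(), expected_hex.strip().lower())

if __name__ == "__main__":
    for bucket, names in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```

Devices in the `verify` bucket have no usable firmware record and should be checked on the device itself before being counted as patched.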

For assistance or clarification on any of these steps, please contact our Industrial Cybersecurity support team.

support@icieng.com

250-372-1486

Sean R Bouchard

Published 3 months ago