OTPulse

eWON Vulnerabilities

Act Now | CVSS 9.9 | ICS-CERT ICSA-15-351-03 | Sep 19, 2015
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

eWON sa industrial routers contain multiple critical vulnerabilities in firmware versions before 10.1s0, including improper authentication (CWE-613, CWE-352), weak password controls (CWE-274), cross-site scripting (CWE-79), information disclosure (CWE-200), and exposure of sensitive headers (CWE-598). These vulnerabilities allow an authenticated attacker to execute code, escalate privileges, modify device configuration, or bypass security controls. The vendor has not released a patched firmware version.

What this means
What could happen
An authenticated user on an eWON industrial router could execute arbitrary code, escalate privileges, or modify device configuration, potentially disrupting remote access and monitoring capabilities for connected equipment or networks.
Who's at risk
Manufacturing operations using eWON industrial routers for remote access, monitoring, or gateway functions. This includes facilities relying on eWON devices to bridge OT networks with corporate IT or cloud-based remote support platforms.
How it could be exploited
An attacker with valid credentials to the eWON web interface or API could exploit authentication bypass, improper input validation, or cross-site request forgery (CSRF) vulnerabilities to inject commands or modify configuration, gaining control of the router and all traffic it routes.
Prerequisites
  • Valid credentials (username/password) to the eWON management interface
  • Network access to the eWON web interface (typically port 80/443)
  • Knowledge of the eWON API or web interface structure
  • No patch available
  • Affects remote access gateway
  • Multiple vulnerability types (authentication, input validation, CSRF, information disclosure)
  • CVSS 9.9 critical severity
Exploitability
Moderate exploit probability (EPSS 3.7%)
Affected products (1)
Product | Affected Versions | Fix Status
eWON sa industrial router firmware: <10.1s0 | <10.1s0 | No fix (EOL)
Remediation & Mitigation
Do now
  • HARDENING: Restrict network access to the eWON router management interface using firewall rules; only allow connections from authorized engineering workstations and remote access servers
  • HARDENING: Change default credentials and enforce strong, unique passwords for all eWON user accounts
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HARDENING: Monitor eWON router for suspicious administrative activity and configuration changes via logging
  • WORKAROUND: Contact HMS Networks for guidance on firmware updates or extended support; document any applicable workarounds specific to your deployment
Mitigations - no patch available
eWON sa industrial router firmware: <10.1s0 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
  • HARDENING: Segment the eWON router onto a dedicated management network separate from critical control system networks