HMS Networks EWON FLEXY 202
Plan Patch | 8.2 | ICS-CERT ICSA-24-291-04 | Oct 17, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
HMS Networks EWON FLEXY 202 firmware uses weak encoding techniques to transmit credentials, allowing an attacker to sniff and decode authentication credentials transmitted over the network.
What this means
What could happen
An attacker with network access could capture and decode credentials used to access the EWON FLEXY device, potentially gaining unauthorized administrative access to configure or control remote monitoring and data logging functions.
Who's at risk
Water utilities, electric utilities, and other industrial facilities relying on EWON FLEXY 202 for remote monitoring, VPN connectivity, and industrial edge computing should be aware that credentials for accessing this device could be captured from network traffic. This affects organizations using EWON devices for remote plant monitoring or to bridge corporate networks with production systems.
How it could be exploited
An attacker with network visibility of traffic to or from the EWON FLEXY 202 (such as on the same local network or between the device and a remote management server) could intercept credential transmissions, decode the weakly encoded authentication secrets, and then use those credentials to log in and modify device settings or access sensitive plant data.
Prerequisites
- Network access to EWON FLEXY 202 or the communication path where credentials are transmitted
- Ability to capture network traffic containing credential transmissions
- Knowledge of the weak encoding scheme used
Tags: remotely exploitable, no authentication required to capture traffic, low complexity attack, weak credential encoding
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
Product: EWON FLEXY 202: Firmware__14.2s0
Affected Versions: Firmware 14.2s0
Fix Status: 14.9s2
Remediation & Mitigation
Do now
HARDENING: Isolate the EWON FLEXY device behind a firewall and restrict network access to only authorized management stations
WORKAROUND: Use a VPN for any remote access to the device instead of direct internet exposure
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update EWON FLEXY 202 firmware to version 14.9s2 or later
Long-term hardening
HARDENING: Segment the device from the business network to minimize exposure if credentials are compromised
CVEs (1)