OTPulse

HMS Networks Ewon Flexy 202

MonitorCVSS 5.7ICS-CERT ICSA-25-023-06Jan 23, 2025
HMS Networks
Attack path
Attack VectorAdjacent
Auth RequiredNone
ComplexityLow
User InteractionRequired
Summary

HMS Networks Ewon Flexy 202 devices contain a vulnerability that could allow an attacker to disclose sensitive user credentials. The vulnerability affects all versions of the Ewon Flexy 202. The device transmits credentials in cleartext over the network (CWE-319: Cleartext Transmission of Sensitive Information).

What this means
What could happen
An attacker with network access to an Ewon Flexy 202 device could intercept and steal user credentials, potentially gaining access to remote management capabilities and sensitive plant data. Compromised credentials could enable unauthorized remote access to industrial control systems and process networks.
Who's at risk
Water authorities, electric utilities, and other industrial facilities using HMS Networks Ewon Flexy 202 remote access gateways for secure connectivity to PLCs, RTUs, HMIs, and other control systems. The Ewon Flexy 202 is commonly deployed at the boundary between corporate and industrial networks to enable remote engineering access and diagnostics.
How it could be exploited
An attacker positioned on the same network segment as the Ewon Flexy 202 (or on the path between the device and its management interface) can perform packet capture or man-in-the-middle techniques to intercept network traffic. If the device transmits credentials in cleartext, the attacker can extract valid user credentials from the captured traffic and use them to gain unauthorized access to the device or connected systems.
Prerequisites
  • Network access to the Ewon Flexy 202 device or network segment where it operates
  • Ability to perform packet capture or network traffic inspection
  • User authentication attempt occurring during the attack window
No patch available (end-of-life product)Credentials transmitted in cleartextAffects boundary/remote access deviceLow EPSS score but practical exploitability in OT environments
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (1)
ProductAffected VersionsFix Status
Ewon Flexy 202: vers:all/*All versionsNo fix (EOL)
Remediation & Mitigation
0/6
Do now
0/4
WORKAROUNDDisable all unused or insecure protocols on the Ewon Flexy 202 device (review enabled services and disable those not required for operations)
HARDENINGRestrict network access to the Ewon Flexy 202 device to only authorized engineering workstations and management networks using firewall rules
HARDENINGIsolate the Ewon Flexy 202 device behind a firewall with only necessary ports open; do not expose it directly to the internet or untrusted networks
HARDENINGChange all default and stored credentials on the Ewon Flexy 202 to unique, strong passwords since no firmware patch is available
Schedule — requires maintenance window
0/2

Patching may require device reboot — plan for process interruption

HARDENINGIntegrate Ewon Flexy 202 devices with Talk2M Cloud service to enforce encrypted remote access connections
HARDENINGUse a VPN for all remote access to the device rather than direct network exposure; ensure VPN is updated to the latest version
View full CISA ICS-CERT advisory
API: /api/v1/advisories/dcdacf15-345e-4cbd-bec3-b01eef9ac2fa

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.

HMS Networks Ewon Flexy 202 | CVSS 5.7 - OTPulse