VYPR
Vendor

HMS Networks

Products
9
CVEs
15
Across products
16
Status
Private

Products

9

Recent CVEs

15
  • CVE-2026-25823CriMar 13, 2026
    risk 0.64cvss 9.8epss 0.01

    HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have a stack buffer overflow that leads to a Denial of Service, which can also be exploited to achieve Unauthenticated Remote Code Execution.

  • CVE-2020-14498CriAug 26, 2020
    risk 0.63cvss 9.6epss 0.03

    HMS Industrial Networks AB eCatcher all versions prior to 6.5.5 is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.

  • CVE-2026-25818CriMar 13, 2026
    risk 0.59cvss 9.1epss 0.00

    HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have weak entropy for authentication cookies, allowing an attacker with a stolen session cookie to find the user password by brute-forcing an…

  • CVE-2024-33897CriAug 6, 2024
    risk 0.59cvss 9.1epss 0.01

    A compromised HMS Networks Cosy+ device could be used to request a Certificate Signing Request from Talk2m for another device, resulting in an availability issue. The issue was patched on the Talk2m production server on April 18, 2024.

  • CVE-2026-25817HigMar 13, 2026
    risk 0.57cvss 8.8epss 0.01

    HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have improper neutralization of special elements used in an OS command allowing remote code execution by attackers with low privilege access…

  • CVE-2024-33894HigAug 2, 2024
    risk 0.57cvss 8.8epss 0.01

    Insecure Permission vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are executing several processes with elevated privileges.

  • CVE-2024-9154HigDec 19, 2024
    risk 0.56cvss epss 0.01

    A code injection vulnerability in HMS Networks Ewon Flexy 205 allows executing commands on system level on the device. This issue affects Ewon Flexy 205: through 14.8s0 (#2633).

  • CVE-2024-33896HigAug 2, 2024
    risk 0.50cvss 7.2epss 0.04

    Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are vulnerable to code injection due to improper parameter blacklisting. This is fixed in version 21.2s10 and 22.1s3.

  • CVE-2024-33892HigAug 2, 2024
    risk 0.49cvss 7.5epss 0.00

    Insecure Permissions vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are susceptible to leaking information through cookies. This is fixed in version 21.2s10 and 22.1s3

  • CVE-2024-33895MedAug 2, 2024
    risk 0.43cvss 6.6epss 0.01

    Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 use a unique key to encrypt the configuration parameters. This is fixed in version 21.2s10 and 22.1s3, the key is now unique per device.

  • CVE-2024-6558MedJul 25, 2024
    risk 0.41cvss 6.3epss 0.00

    HMS Industrial Networks Anybus-CompactCom 30 products are vulnerable to a XSS attack caused by the lack of input sanitation checks. As a consequence, it is possible to insert HTML code into input fields and store the HTML code. The stored HTML code will be embedded in the page…

  • CVE-2024-33893MedAug 2, 2024
    risk 0.40cvss 6.1epss 0.01

    Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are vulnerable to XSS when displaying the logs due to improper input sanitization. This is fixed in version 21.2s10 and 22.1s3.

  • CVE-2021-33214MedJul 9, 2021
    risk 0.40cvss 6.1epss 0.01

    In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users to access files that could lead to sensitive information disclosure, modification of configuration files, or disruption of normal system operation.

  • CVE-2018-19694MedMar 21, 2019
    risk 0.40cvss 6.1epss 0.02

    HMS Industrial Networks Netbiter WS100 3.30.5 devices and previous have reflected XSS in the login form.

  • CVE-2025-0432MedJan 28, 2025
    risk 0.37cvss 5.7epss 0.00

    EWON Flexy 202 transmits user credentials in clear text with no encryption when a user is added, or user credentials are changed via its webpage.