Description
HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have improper neutralization of special elements used in an OS command allowing remote code execution by attackers with low privilege access on the gateway, provided the attacker has credentials.
Published: 2026-03-12
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The flaw is improper neutralization of special elements in a string that the gateway passes to an OS command: characters the shell treats as metacharacters (for example `;`, `|`, `&`, backticks or `$(...)`) in attacker-controlled input are neither stripped nor escaped, so an authenticated user can append commands of their own and have them run with the privileges of the process that builds the command. The result is remote code execution on the gateway. The CVE record carries CWE-94 (Improper Control of Generation of Code); the description itself matches the definition of OS command injection, CWE-78.
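The weakness class, as an added illustration that is not HMS Networks code and does not claim to reproduce the gateway's actual vulnerable code path: an assumed diagnostic "ping a host" feature that splices the submitted host into a shell string, next to a hardened version that allow-lists the operand and hands it to the program as a single argv element with no shell involved. The function and variable names are the example's own.

```python
"""Illustrative OS command injection and its hardened rewrite (added example,
not HMS Networks code; the ping-a-host scenario is an assumption)."""
import re
import subprocess


def build_unsafe_command(host: str) -> str:
    """Vulnerable pattern: untrusted input concatenated into a shell command line.

    A value such as "10.0.0.1; id" makes the shell run `id` after `ping`,
    because nothing neutralises the `;`. Backticks, `$(...)`, `|` and `&`
    work the same way.
    """
    return f"ping -c 1 {host}"


def run_unsafe(host: str) -> str:
    """Executes through /bin/sh, so every metacharacter in `host` is honoured."""
    return subprocess.run(build_unsafe_command(host), shell=True,
                          capture_output=True, text=True).stdout


# Hardened version.
# Allow-list: hostname/IP characters only, bounded length, no leading '-'
# (a leading '-' would be parsed by ping as an option rather than a target).
_HOST_RE = re.compile(r"(?!-)[A-Za-z0-9.-]{1,253}")


def is_safe_host(host: str) -> bool:
    """True only if `host` consists solely of allow-listed characters."""
    return _HOST_RE.fullmatch(host) is not None


def build_safe_argv(host: str) -> list[str]:
    """Validate, then pass the value as one argv element; there is no shell to confuse."""
    if not is_safe_host(host):
        raise ValueError(f"rejected host operand: {host!r}")
    return ["ping", "-c", "1", host]


def run_safe(host: str) -> str:
    """shell=False: argv goes straight to execve, so `;`, `|` and `$()` are inert text."""
    return subprocess.run(build_safe_argv(host), shell=False,
                          capture_output=True, text=True).stdout


def shell_would_split(command: str) -> bool:
    """Crude check: does the built command line contain a token the shell
    would treat as a command separator or substitution?"""
    return any(tok in command for tok in (";", "|", "&", "`", "$(", "\n"))


if __name__ == "__main__":
    payload = "127.0.0.1; id"
    print("unsafe command line :", build_unsafe_command(payload))
    print("shell would split it:", shell_would_split(build_unsafe_command(payload)))
    try:
        build_safe_argv(payload)
    except ValueError as exc:
        print("hardened path       :", exc)
    print("hardened argv       :", build_safe_argv("127.0.0.1"))
```

The allow-list is deliberately narrower than what a hostname may legally contain; for a gateway feature, rejecting an unusual but valid name is the cheaper failure. Escaping the string and still calling a shell is the weaker fix, since every escaping rule has to match the exact shell the firmware ships.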

Affected Systems

Affected devices are HMS Networks Ewon Flexy firmware versions earlier than 15.0s4 and Cosy+ firmware 22.xx before 22.1s6 or firmware 23.xx before 23.0s3. No additional product details are available beyond these model and firmware ranges.

Risk and Exploitability

The CVSS 3.1 base score is 8.8 (High), vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H: reachable over the network, low attack complexity, no user interaction, and total loss of confidentiality, integrity and availability once exploited. The only mitigating factor is PR:L, meaning the attacker needs a valid low-privilege account on the gateway; default, shared or leaked credentials remove that barrier. The EPSS score is below 1%, a low predicted probability of exploitation activity in the next 30 days, and the CVE is not in the CISA KEV catalog, so no active exploitation is known at the time of writing; the SSVC assessment recorded for the CVE (Exploitation: none, Automatable: no, Technical Impact: total) says the same. Given the total impact on a remote-access gateway, the credential requirement lowers the urgency only where account hygiene on the device is already good.

Generated by OpenCVE AI on March 18, 2026 at 15:02 UTC.

Remediation

The page links no vendor advisory or workaround. The fixed firmware versions (Flexy 15.0s4, Cosy+ 22.1s6 on the 22.xx line, Cosy+ 23.0s3 on the 23.xx line) follow from the affected ranges stated in the CVE description.

OpenCVE Recommended Actions

  • Upgrade Ewon Flexy firmware to 15.0s4 or later.
  • Upgrade Cosy+ firmware 22.xx line to 22.1s6 or later.
  • Upgrade Cosy+ firmware 23.xx line to 23.0s3 or later.
  • If an upgrade is not immediately possible, restrict access to the gateway's management interface to authorized personnel and trusted networks (the exploit requires valid credentials, so limiting who can log in and from where is the effective interim control) and monitor for suspicious activity.
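Checking a fleet against the three affected ranges above, as an added example that is not OpenCVE or HMS Networks tooling. It parses the Ewon version scheme visible in the description (major.minor, then `s` and a patch number, e.g. 15.0s4), compares each device against the fixed version for its model and line, and reports Cosy+ lines the record does not mention as "not listed" rather than as safe. The `NAME,MODEL,VERSION` inventory format and the device names are constructed for the example.

```python
"""Fleet triage against the affected firmware ranges in the CVE description.
Added example; the inventory format and sample lines are assumptions."""
import re
from typing import NamedTuple


class FwVersion(NamedTuple):
    """Ewon firmware versions read like 15.0s4: major.minor then 's' and a patch number."""
    major: int
    minor: int
    patch: int


_VERSION_RE = re.compile(r"(\d+)\.(\d+)s(\d+)")


def parse_version(text: str) -> FwVersion:
    m = _VERSION_RE.fullmatch(text.strip())
    if m is None:
        raise ValueError(f"unrecognised Ewon firmware version: {text!r}")
    return FwVersion(*(int(g) for g in m.groups()))


# Fixed versions as stated in the description:
# Flexy < 15.0s4; Cosy+ 22.xx < 22.1s6; Cosy+ 23.xx < 23.0s3.
FLEXY_FIXED = FwVersion(15, 0, 4)
COSY_PLUS_FIXED = {22: FwVersion(22, 1, 6), 23: FwVersion(23, 0, 3)}


def triage(model: str, version: str) -> str:
    """Return 'affected', 'fixed' or 'not listed' for one device.

    'not listed' covers Cosy+ lines other than 22.xx/23.xx and models the
    record does not mention; treat those as unverified, not as safe.
    """
    v = parse_version(version)
    key = model.strip().lower()
    if key == "flexy":
        return "affected" if v < FLEXY_FIXED else "fixed"
    if key == "cosy+":
        fixed = COSY_PLUS_FIXED.get(v.major)
        if fixed is None:
            return "not listed"
        return "affected" if v < fixed else "fixed"
    return "not listed"


def triage_inventory(lines: list[str]) -> dict[str, list[str]]:
    """Group 'NAME,MODEL,VERSION' inventory lines by triage result (assumed format)."""
    out: dict[str, list[str]] = {"affected": [], "fixed": [], "not listed": [], "unparseable": []}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            name, model, version = (f.strip() for f in line.split(","))
            out[triage(model, version)].append(name)
        except ValueError:
            # wrong field count or a version string the regex does not accept
            out["unparseable"].append(line)
    return out


# Constructed sample inventory (not real devices).
SAMPLE_INVENTORY = [
    "# name,model,version",
    "plant-a-gw1,Flexy,14.8s0",
    "plant-a-gw2,Flexy,15.0s4",
    "plant-b-gw1,Cosy+,22.1s5",
    "plant-b-gw2,Cosy+,22.1s6",
    "plant-c-gw1,Cosy+,23.0s2",
    "plant-c-gw2,Cosy+,23.0s3",
    "plant-c-gw3,Cosy+,21.2s0",
    "lab-gw,Cosy+,banana",
]

if __name__ == "__main__":
    for status, names in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{status:>11}: {', '.join(names) or '-'}")
```

The comparison is a plain tuple comparison on (major, minor, patch), which is only valid because the scheme has exactly those three numeric fields; a device reporting a version that does not match the pattern lands in "unparseable" and needs a manual look rather than being silently skipped.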


Advisories

No advisories yet.

History

Fri, 20 Mar 2026 15:45:00 +0000

Title (added): Improper Command Neutralization Leading to Remote Code Execution in HMS Networks Ewon Flexy and Cosy+ Devices

Fri, 13 Mar 2026 13:15:00 +0000

Weaknesses (added): CWE-94
Metrics (added):
  cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}
  ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 13 Mar 2026 10:00:00 +0000

First Time appeared (added): Hms-networks, Hms-networks ewon Cosy, Hms-networks ewon Flexy
Vendors & Products (added): Hms-networks, Hms-networks ewon Cosy, Hms-networks ewon Flexy

Thu, 12 Mar 2026 21:45:00 +0000

Description (added): HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have improper neutralization of special elements used in an OS command allowing remote code execution by attackers with low privilege access on the gateway, provided the attacker has credentials.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-13T12:55:53.874Z

Reserved: 2026-02-06T00:00:00.000Z

Link: CVE-2026-25817

Vulnrichment

Updated: 2026-03-13T12:55:47.691Z

NVD

Status : Awaiting Analysis

Published: 2026-03-13T19:54:25.283

Modified: 2026-03-16T14:54:11.293

Link: CVE-2026-25817

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T15:36:33Z

Weaknesses