CVE-2024-33897

CVSS 3.1 Score 9.1 of 10 (high)

Details

Published Aug 6, 2024

Updated: Oct 10, 2024

CWE ID 425

Summary

CVE-2024-33897: A vulnerability was discovered in HMS Networks Cosy+ devices, allowing a compromised device to request a Certificate Signing Request from Talk2m for another device. This issue could lead to an availability problem. The vulnerability was addressed on Talk2m's production server on April 18, 2024. Unauthorized access to a Cosy+ device could potentially manipulate certificate requests, causing availability disruptions. This vulnerability underscores the importance of securing IoT devices and their communication channels.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

HMS Industrial Networks AB

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/vqiS9H
https://www.cve.org/CVERecord?id=CVE-2024-33897
https://nvd.nist.gov/vuln/detail/CVE-2024-33897

Back to Vulnerability Database

CVE-2024-33897

CVSS 3.1 Score 9.1 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations