Critical (9.8)

Software DoS Flaw (CVE-2026-25823) - Patch Now

CVE-2026-25823

HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have a stack buffer overflow that leads to a Denial of Service...

Overview

A critical security vulnerability, tracked as CVE-2026-25823, has been identified in multiple HMS Networks industrial gateway products. This flaw is a stack buffer overflow that could allow an unauthenticated, remote attacker to crash the device or execute arbitrary code.

Vulnerability Details

The vulnerability exists in the firmware of the following HMS Networks Ewon devices:

  • Ewon Flexy: All firmware versions prior to 15.0s4
  • Ewon Cosy+ (Firmware 22.xx): All versions prior to 22.1s6
  • Ewon Cosy+ (Firmware 23.xx): All versions prior to 23.0s3

In simple terms, the devices fail to properly check the size of data being processed. By sending specially crafted network data, an attacker can overflow a memory buffer. This corruption can force the device to stop functioning (causing a Denial of Service) or, more critically, be manipulated to run malicious code.

Potential Impact

With a CVSS base score of 9.8 (CRITICAL), this vulnerability poses a severe risk:

  • Remote Code Execution (RCE): An attacker could gain full control of the affected gateway from anywhere on the network without needing login credentials.
  • Denial of Service (DoS): Attackers could crash the device, disrupting critical industrial communication and data collection.
  • Network Compromise: A compromised gateway could be used as a foothold to attack other systems deeper within the operational technology (OT) or IT network.

Remediation and Mitigation

Immediate action is required to secure affected devices.

Primary Action - Update Firmware: The vendor has released patched firmware versions. All affected users must upgrade to:

  • Ewon Flexy: Update to firmware version 15.0s4 or later.
  • Ewon Cosy+ (on 22.xx): Update to firmware version 22.1s6 or later.
  • Ewon Cosy+ (on 23.xx): Update to firmware version 23.0s3 or later.

Firmware and update instructions are available through the official HMS Networks support portal.
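To make the version table above actionable across a fleet, the following added example (not HMS Networks code) checks inventory records against the fixed thresholds listed in this advisory. It assumes the MAJOR.MINORsBUILD version form the advisory itself uses (e.g. "15.0s4"); the inventory records are constructed sample data, and a Cosy+ firmware train the advisory does not list is reported as "not covered" rather than guessed.

```python
"""Flag Ewon devices whose firmware is below the fixed versions for CVE-2026-25823."""
import re
from typing import Optional

# Fixed versions taken from the advisory. Cosy+ is keyed by its firmware train
# (22.xx or 23.xx); Flexy has a single threshold covering all earlier versions.
FIXED_FLEXY = (15, 0, 4)
FIXED_COSY_PLUS = {22: (22, 1, 6), 23: (23, 0, 3)}

# Assumed version format: MAJOR.MINORsBUILD, as written in the advisory.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)s(\d+)$")


def parse_version(text: str) -> tuple:
    """Turn '22.1s6' into (22, 1, 6) so versions compare as tuples, not strings."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Ewon firmware version: {text!r}")
    return tuple(int(g) for g in m.groups())


def is_affected(product: str, version: str) -> Optional[bool]:
    """True if below the fixed version, False if fixed, None if the advisory
    does not cover this product or firmware train."""
    parsed = parse_version(version)
    if product == "Flexy":
        return parsed < FIXED_FLEXY
    if product == "Cosy+":
        threshold = FIXED_COSY_PLUS.get(parsed[0])
        if threshold is None:
            return None  # e.g. a 21.xx train: not listed, so do not assume safe
        return parsed < threshold
    return None


# Constructed sample inventory (hypothetical hostnames and versions).
SAMPLE_INVENTORY = [
    {"host": "flexy-line1", "product": "Flexy", "firmware": "15.0s3"},
    {"host": "flexy-line2", "product": "Flexy", "firmware": "15.0s4"},
    {"host": "cosy-site-a", "product": "Cosy+", "firmware": "22.1s5"},
    {"host": "cosy-site-b", "product": "Cosy+", "firmware": "23.0s3"},
    {"host": "cosy-site-c", "product": "Cosy+", "firmware": "21.5s1"},
]


def audit(inventory: list) -> dict:
    """Group hosts into 'affected', 'fixed' and 'not_covered' buckets."""
    result = {"affected": [], "fixed": [], "not_covered": []}
    for rec in inventory:
        status = is_affected(rec["product"], rec["firmware"])
        if status is None:
            result["not_covered"].append(rec["host"])
        elif status:
            result["affected"].append(rec["host"])
        else:
            result["fixed"].append(rec["host"])
    return result


if __name__ == "__main__":
    for bucket, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Versions are compared as integer tuples because a plain string comparison would rank "15.0s10" below "15.0s4"; the "not_covered" bucket is deliberately separate from "fixed" so that devices on an unlisted train are reviewed rather than silently treated as patched.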

Interim Mitigations: If immediate patching is not possible, consider these steps to reduce risk:

  1. Restrict Network Access: Use firewalls to strictly limit inbound network connections to Ewon devices from only authorized, trusted IP addresses (e.g., engineering workstations, specific servers).
  2. Segment Networks: Ensure industrial devices are placed on separate, segmented network zones isolated from general business IT networks and the public internet.
  3. Monitor for Anomalies: Implement network monitoring for unusual traffic patterns or connection attempts to these devices.
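Steps 1 and 3 above can be checked against each other: once inbound access to the gateways is limited to an allowlist, any logged connection attempt from outside that allowlist is the anomaly worth alerting on. The following added example (not from HMS Networks or the advisory) runs that check over constructed firewall log lines; the log format, device addresses and allowlisted networks are all assumptions for illustration.

```python
"""Flag inbound connection attempts to Ewon gateways from non-allowlisted sources."""
import ipaddress
import re
from collections import Counter

# Constructed: addresses of the Ewon gateways and the sources allowed to reach them
# (engineering workstation subnet plus one historian server), per the mitigation steps.
EWON_DEVICES = {"10.20.30.5", "10.20.30.6"}
AUTHORIZED_SOURCES = [
    ipaddress.ip_network("10.10.1.0/24"),
    ipaddress.ip_network("10.10.2.15/32"),
]

# Assumed log format: key=value fields as many firewalls emit them.
LINE_RE = re.compile(
    r"src=(?P<src>[\d.]+)\s+dst=(?P<dst>[\d.]+)\s+dport=(?P<dport>\d+)\s+action=(?P<action>\w+)"
)

# Constructed sample log lines (RFC 5737 documentation addresses for the outsiders).
SAMPLE_LOG = """\
2026-03-01T08:00:01Z fw1 conn src=10.10.1.20 dst=10.20.30.5 dport=443 action=allow
2026-03-01T08:00:07Z fw1 conn src=192.0.2.44 dst=10.20.30.5 dport=443 action=allow
2026-03-01T08:00:09Z fw1 conn src=10.10.1.20 dst=10.20.30.9 dport=22 action=allow
2026-03-01T08:00:15Z fw1 conn src=203.0.113.7 dst=10.20.30.6 dport=80 action=deny
2026-03-01T08:00:16Z fw1 conn src=203.0.113.7 dst=10.20.30.5 dport=80 action=deny
2026-03-01T08:00:20Z fw1 conn src=10.10.2.15 dst=10.20.30.6 dport=443 action=allow
""".splitlines()


def parse_line(line: str):
    """Extract src/dst/dport/action, or None for lines that are not connection events."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    return rec


def is_authorized(src: str) -> bool:
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in AUTHORIZED_SOURCES)


def find_unauthorized(lines) -> list:
    """Connection events to an Ewon gateway from a source outside the allowlist.
    Denied attempts are kept: repeated denies are themselves a signal."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["dst"] not in EWON_DEVICES:
            continue
        if not is_authorized(rec["src"]):
            findings.append(rec)
    return findings


def sources_by_count(findings) -> dict:
    """Count attempts per source so a scanning host stands out."""
    return dict(Counter(f["src"] for f in findings))


if __name__ == "__main__":
    hits = find_unauthorized(SAMPLE_LOG)
    for h in hits:
        print(f"unauthorized: {h['src']} -> {h['dst']}:{h['dport']} ({h['action']})")
    print("per source:", sources_by_count(hits))
```

Allowed connections from outside the allowlist (the second sample line) are the most important finding, since they show the firewall restriction from step 1 is not yet in place; the denied lines confirm the rule is working but still merit a look when one source repeats.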

Stay informed on critical patches and emerging threats by following the latest security news. Do not delay in applying these updates, as public disclosure increases the likelihood of exploitation attempts.
