All security bulletins

  • Ewon Security Vulnerability

    Ewon reference: System - Ewon configuration parameters encryption mechanism improvement

    Affected devices: All
    Affected firmware versions: All
    Status:
    • Fixed on Flexy and Cosy 131 device families
    • Fix under development for the CD and Cosy 141 device families

    Severity: Medium (CVSS 3 score of 6.8)

  • Ewon Security Attention Point

    Ewon reference: System - All Ewon devices have the same default administrator credentials

    Concerned devices: All
    Concerned firmware versions: All


  • Ewon Security Attention Point

    Ewon reference: Webserver - The communication to the Ewon device is unencrypted when used without Talk2M.

    Concerned devices: All
    Concerned firmware versions: All


  • Ewon Security Enhancement (Fixed in 13.1s0)

    Ewon reference: Webserver - Ewon authentication mechanism improvement

    Affected devices: All
    Affected firmware versions: From 12.2 to 13.0
    Status: Fixed.
    Severity: Low (CVSS 3 Score of 3.7)

    Description:
    An unauthenticated user could gain read-only access to some Ewon device information. Talk2M users are not impacted; only local Ewon users are concerned.

  • Ewon Security Enhancement (FW 11.2s2)

    eWON reference: Webserver - eWON authentication mechanism improvement

    Affected devices: All
    Affected firmware versions: All

    Description:
    An unauthenticated user could gain read-only access to some eWON device information.

  • DROWN OpenSSL Vulnerability

    On March 1st, 2016, a potential vulnerability (CVE-2016-0800) nicknamed DROWN was disclosed in OpenSSL regarding the support for SSLv2. This vulnerability mostly affects secure web sites (HTTPS).

    Are the eWON products and the Talk2M platform affected by DROWN?

  • eWON Security Enhancement (FW 10.1s0)

    eWON SECURITY ENHANCEMENT Ref: #7529-01

    eWON Reference: eWON Login Session Improvement

    Affected devices: All eWON devices

    Affected firmware versions: All firmware versions earlier than 10.1s0

    Impact/description:

    The log off button displays a message recommending that the user close the browser to completely invalidate the session. The session indeed remains active until the browser is closed.

  • POODLE vulnerability & eWON

    On Wed Oct 15, a potential vulnerability (CVE-2014-3566) nicknamed POODLE was disclosed in the SSLv3 protocol, a part of the SSL security protocol responsible for securing many types of Internet connections, including secure web sites (HTTPS).

    Are the eWON products and the Talk2M platform affected by POODLE?

  • eWON Security Enhancement

    In eCatcher, for concerned devices, registration using the activation key mechanism is not possible if the eWON is already linked to a Talk2M account...
  • ShellShock vulnerability & eWON

    On Thu Sep 25, a major vulnerability (CVE-2014-7169) nicknamed ShellShock was disclosed in Bash, a standard module of Linux systems, affecting most Linux servers on the planet, such as web servers.

    The Talk2M servers are not affected by this vulnerability, but since security is our primary concern, we patched all our servers only a few hours after the vulnerability was disclosed, that is, on Day 0, thereby ensuring that the Talk2M infrastructure remains safe.