Ewon Security Vulnerability

Ewon reference: System - Ewon configuration parameters encryption mechanism improvement


Affected devices: All

Affected firmware versions: All

Status: Fixed

Severity: Medium (CVSS 3 score of 6.8)



Encryption of device configuration parameters is weak due to an implementation issue in the encryption mechanism function.



Successful exploitation of this vulnerability may allow a remote attacker to gain access to the local system and perform potentially harmful actions on the device itself and on devices connected to the Ewon device.


Mitigation Factors:

As a rule, we recommend:    

  • to avoid making Ewon devices directly reachable by untrusted users, by using a firewall and an access control policy.
  • use a secure remote access solution like Talk2M (
  • to change the adm password at first login and use a strong one



Install the latest firmware version:

  • This has been fixed as of firmware version 13.3s0 for the Flexy and Cosy 131 families.
  • This has been fixed as of firmware version 11.3s0 for the CD and Cosy 141 families.

Check the firmware section to learn how to update your Ewons.


Discovered by: Tijl Deneut - Howest (UGent) & Stu Kennedy - PentestPartners