These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
A medium-severity vulnerability in HMS Networks Ewon Flexy 202 allows user credentials to be transmitted in cleartext when adding users or changing credentials via the device's web interface. The issue, published January 23, 2025, exposes authentication data to network eavesdropping in adjacent network scenarios.
The HMS Networks EWON FLEXY 202 industrial gateway transmits credentials using Base64 encoding without encryption, enabling network-level attackers to capture and decode authentication material via passive traffic analysis. Published 2024-10-17, this HIGH severity vulnerability (CVSS 8.2) affects Firmware version 14.2s0. The attack requires no privileges and low attack complexity, with network access and [truncated]