CVE-2025-13165
EasyFlow · EasyFlow Multiple Products
Executive summary
A high-severity vulnerability has been identified in multiple EasyFlow products, which allows an unauthenticated attacker to remotely shut down the web service. Exploitation of this flaw requires no special access and can be used to disrupt business operations that depend on the availability of the EasyFlow platform.
Vulnerability
The vulnerability exists within the web service component of EasyFlow GP. A remote, unauthenticated attacker can send specially crafted requests to the affected service. The service fails to handle these requests properly, leading to resource exhaustion or an unhandled exception that causes the service to crash or become unresponsive, denying service to all legitimate users.
Business impact
This vulnerability is rated as High severity with a CVSS score of 7.5. Successful exploitation would result in a denial-of-service condition, making the EasyFlow web services completely unavailable to legitimate users. This can lead to significant business disruption, including the interruption of critical workflows, loss of productivity, and potential financial losses if the application is essential for business operations. The fact that the attack can be launched by an unauthenticated remote attacker increases the risk, as it lowers the barrier for potential threat actors.
Remediation
Immediate Action: Organizations must prioritize the immediate application of the security updates provided by the vendor (Digiwin). After patching, administrators should monitor web server and application logs for any signs of exploitation attempts and verify that the service is stable and operating as expected.
Proactive Monitoring:
- Log Analysis: Review web server and application logs for an unusual volume of requests from a single source IP, malformed request patterns, or repeated application crash/restart events.
- Network Traffic: Monitor for anomalous traffic spikes targeting the EasyFlow web service. Network intrusion detection systems may be able to identify signatures related to this attack.
- System Performance: Monitor CPU and memory utilization on the host server. A sustained, unexplained spike in resource usage could indicate an ongoing denial-of-service attack.
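The log-analysis check above, sketched as an added example (not vendor or advisory code): it flags source IPs that exceed a request threshold in a sliding window and correlates them with a run of 5xx responses that follows. The Common Log Format layout, the reverse proxy in front of EasyFlow, the `/svc` path, the addresses and the thresholds are all assumptions; the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed: Common Log Format lines written by a reverse proxy in front of the service.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) \S+$')

def parse(line):
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # ignore lines that do not match the assumed format
    return m.group(1), datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z"), int(m.group(3))

def find_bursts(lines, window_s=10, max_requests=8):
    """Map source IP -> (peak requests per window, time the threshold was first crossed)."""
    recent, bursts = defaultdict(deque), {}
    for ip, ts, _ in filter(None, map(parse, lines)):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > timedelta(seconds=window_s):
            q.popleft()  # drop requests that fell out of the sliding window
        if len(q) > max_requests:
            peak, first = bursts.get(ip, (0, ts))
            bursts[ip] = (max(peak, len(q)), first)
    return bursts

def error_runs(lines, min_run=3):
    """Return (start time, length) for each run of consecutive 5xx responses, any client."""
    runs, start, n = [], None, 0
    # The trailing sentinel record flushes a run that reaches the end of the log.
    for _, ts, status in list(filter(None, map(parse, lines))) + [(None, None, 0)]:
        if status >= 500:
            start, n = (ts if n == 0 else start), n + 1
        else:
            runs += [(start, n)] if n >= min_run else []
            n = 0
    return runs

def suspects(lines, lookback_s=60):
    """Source IPs whose burst began at most lookback_s before a 5xx run started."""
    bursts, runs = find_bursts(lines), error_runs(lines)
    return sorted(ip for ip, (_, first) in bursts.items()
                  if any(timedelta(0) <= start - first <= timedelta(seconds=lookback_s)
                         for start, _ in runs))

# Constructed sample: two normal clients, one source sending 12 requests in 3 s, then 503s.
def _line(ip, sec, status):
    return f'{ip} - - [10/Nov/2025:10:00:{sec:02d} +0000] "POST /svc HTTP/1.1" {status} 0'
SAMPLE = ([_line("192.0.2.10", 0, 200), _line("192.0.2.11", 1, 200)]
          + [_line("203.0.113.5", 2 + i // 4, 200) for i in range(12)]
          + [_line("192.0.2.10", 6 + i, 503) for i in range(4)])
```

Calling `suspects(SAMPLE)` returns the one bursting source; the window and threshold defaults are placeholders to tune against the service's normal request baseline.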
Compensating Controls:
- Web Application Firewall (WAF): If a specific attack pattern is identified, deploy a WAF rule to block the malicious requests before they reach the application.
- Rate Limiting: Implement rate limiting on the network perimeter or load balancer to restrict the number of requests a single IP address can make in a given timeframe.
- Access Control: If feasible, restrict access to the EasyFlow web service to only trusted IP addresses and networks using a firewall.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the high severity (CVSS 7.5) of this vulnerability and the low complexity required for an unauthenticated attacker to cause a service outage, we strongly recommend that organizations apply the vendor-provided security updates to all affected EasyFlow products as a top priority. Although this vulnerability is not currently listed in the CISA KEV catalog, the potential for significant business disruption is high. Immediate patching is the most effective defense against potential exploitation.