HiCOS Client

by Chunghwa Telecom Corp., Ltd.v3.1.0

Last updated Jun 8, 2026

HiCOS 卡片管理工具是一種 CSP(Cryptography Service Provider)，係提供 IC 卡之憑證註冊至作業系統的工具，以利安全電子郵件或憑證應用應用系統使用密碼學之簽章或加密等功能。

Install with winget

$ winget install --id ChunghwaTelecom.HiCOSClient --exact --version 3.1.0

Run in Command Prompt, PowerShell, or Windows Terminal. Prompts for any agreements.

Built by Pckgr

For Intune admins

Stop chasing app updates. Pckgr patches them for you.

Automated application patching for Microsoft Intune. Pckgr keeps a curated library of 1,000+ apps continuously up-to-date in your tenant via Microsoft Graph - no manual repackaging, no chasing vendor sites.

Start free 30-day trial

No credit card required.

About

1.HiCOS卡片管理工具是一種CSP(Cryptography Service Provider)，係提供IC卡之憑證註冊至作業系統的工具，以利安全電子郵件或憑證應用應用系統使用密碼學之簽章或加密等功能，下載安裝後除HiCOS卡片管理工具外，並包含用戶端環境檢測工具與相關使用手冊。2.用戶端環境檢測工具，可協助檢查用戶IC卡與讀卡機驅動程式是否安裝成功，IC卡能否讀取，並提供PIN碼驗證，簽章驗章與加解密功能檢測。

Installers · v3.1.0

Architecture	Type	Scope	Install	Download
x86	ZIP archive	-		Direct

Copy a command tailored to that specific architecture, type, and scope - useful when winget would otherwise pick a different default.

Security

5 known CVEs via NVD

medium6.8Patched in wingetCVE-2022-35222affects v3.0.3.30306Aug 2, 2022
HiCOS Citizen verification component has a stack-based buffer overflow vulnerability due to insufficient parameter length validation. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service.
medium6.8Patched in wingetCVE-2022-32962affects v3.0.3.30306Jul 19, 2022
HiCOS’ client-side citizen certificate component has a double free vulnerability. An unauthenticated physical attacker can exploit this vulnerability to corrupt memory and execute arbitrary code, manipulate system data or terminate service.
medium6.8Patched in wingetCVE-2022-32961affects v3.0.3.30306Jul 19, 2022
HICOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for token information. An unauthenticated physical attacker can exploit this vulnerability to execute arb...
medium6.8Patched in wingetCVE-2022-32960affects v3.0.3.30306Jul 19, 2022
HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for card number. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary...
medium6.8Patched in wingetCVE-2022-32959affects v3.0.3.30306Jul 19, 2022
HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for OS information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitr...

Source: NVD, updated 6h ago. Patch status is best-effort: NVD's fix version is compared against the latest version in winget, but the two version formats don't always align. Confirm with the vendor advisory before treating any specific build as safe.

See a CVE that affects your fleet? Push the patched version to Intune in one click with Pckgr - automated patching is the only way to keep up.

Frequently asked questions

How do I install HiCOS Client on Windows?

Open Windows Terminal, PowerShell, or Command Prompt and run: winget install --id ChunghwaTelecom.HiCOSClient --exact --version 3.1.0. winget downloads the installer from Chunghwa Telecom Corp., Ltd. and runs it. Requires Windows 10 (1809+) or Windows 11.

How do I install HiCOS Client silently for unattended deployment?

Add --silent and accept the agreements upfront: winget install --id ChunghwaTelecom.HiCOSClient --exact 3.1.0 --silent --accept-package-agreements --accept-source-agreements. This is the variant Intune, Configuration Manager, and other deployment tools should use.

How do I uninstall HiCOS Client via winget?

Run: winget uninstall --id ChunghwaTelecom.HiCOSClient --exact. Add --silent for unattended uninstalls. winget will use the registered uninstaller from HiCOS Client's Apps & Features entry.

Is HiCOS Client free?

HiCOS Client is distributed under Proprietary. Refer to the publisher (https://moica.nat.gov.tw/download_1.html) for the full license terms - Wingetly itself does not charge for installation.

Does HiCOS Client work on Windows 10?

Yes, as long as your Windows 10 build supports winget (1809 or newer). winget ships with App Installer on Windows 10/11 and pulls HiCOS Client directly from the publisher.

How do I keep HiCOS Client up to date?

Run winget upgrade --id ChunghwaTelecom.HiCOSClient --exact, or winget upgrade --all to update everything winget tracks. We index 1 version of HiCOS Client from microsoft/winget-pkgs.