Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
25 vulnerabilities by Belden
CVE-2017-20234 (GCVE-0-2017-20234)
Vulnerability from cvelistv5 – Published: 2026-04-03 22:49 – Updated: 2026-04-03 22:49
VLAI?
Title
GarrettCom Magnum 6K and 10K Authentication Bypass via Hardcoded String
Summary
GarrettCom Magnum 6K and 10K managed switches contain an authentication bypass vulnerability that allows unauthenticated attackers to gain unauthorized access by exploiting a hardcoded string in the authentication mechanism. Attackers can bypass login controls to access administrative functions and sensitive switch configuration without valid credentials.
Severity ?
9.8 (Critical)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Belden | GarrettCom Magnum 6K and 10K Managed Switches |
Affected:
0 , ≤ 4.6.0
(semver)
Affected: 0 , ≤ 4.7.6 (semver) Unaffected: 4.7.7 (semver) |
Date Public ?
2017-05-08 00:00
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "GarrettCom Magnum 6K and 10K Managed Switches",
"vendor": "Belden",
"versions": [
{
"lessThanOrEqual": "4.6.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.7.6",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "4.7.7",
"versionType": "semver"
}
]
}
],
"datePublic": "2017-05-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GarrettCom Magnum 6K and 10K managed switches contain an authentication bypass vulnerability that allows unauthenticated attackers to gain unauthorized access by exploiting a hardcoded string in the authentication mechanism. Attackers can bypass login controls to access administrative functions and sensitive switch configuration without valid credentials."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-03T22:49:58.377Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://assets.belden.com/m/114be964b4651983/original/Security-Bulletin-MNS-6K-10K-GarrettCom-BSECV-2017-08.pdf"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/garrettcom-magnum-6k-and-10k-authentication-bypass-via-hardcoded-string"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "GarrettCom Magnum 6K and 10K Authentication Bypass via Hardcoded String"
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2017-20234",
"datePublished": "2026-04-03T22:49:58.377Z",
"dateReserved": "2026-04-03T18:00:44.958Z",
"dateUpdated": "2026-04-03T22:49:58.377Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2017-20233 (GCVE-0-2017-20233)
Vulnerability from cvelistv5 – Published: 2026-04-03 22:47 – Updated: 2026-04-03 22:47
VLAI?
Title
Hirschmann HiLCOS Layer-2 Firewall Multicast Broadcast Traffic Bypass
Summary
Hirschmann HiLCOS products OpenBAT, BAT450, WLC, BAT867 contains a firewall filtering vulnerability that fails to correctly filter IPv4 multicast and broadcast traffic when management IP address filtering is disabled, allowing configured filter rules to be bypassed. Attackers with network access can inject or observe multicast and broadcast packets that should have been blocked by the firewall.
Severity ?
5.4 (Medium)
CWE
- CWE-284 - Improper access control
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Belden | Hirschmann HiLCOS OpenBAT, BAT450, WLC |
Affected:
0 , ≤ 9.10.5126-REL
(semver)
Affected: 0 , ≤ 9.12.5500-REL (semver) Unaffected: 0 (semver) |
|||||||
|
|||||||||
Date Public ?
2017-05-08 00:00
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hirschmann HiLCOS OpenBAT, BAT450, WLC",
"vendor": "Belden",
"versions": [
{
"lessThanOrEqual": "9.10.5126-REL",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.12.5500-REL",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hirschmann HiLCOS BAT867",
"vendor": "Belden",
"versions": [
{
"lessThanOrEqual": "9.14.5500-REL",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2017-05-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Hirschmann HiLCOS products OpenBAT, BAT450, WLC, BAT867 contains a firewall filtering vulnerability that fails to correctly filter IPv4 multicast and broadcast traffic when management IP address filtering is disabled, allowing configured filter rules to be bypassed. Attackers with network access can inject or observe multicast and broadcast packets that should have been blocked by the firewall."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-03T22:47:07.496Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://assets.belden.com/m/11a07596f0bf1018/original/Security-Bulletin-IPv4-Multicast-HiLCOS-Layer-2-Firewall-BSECV-2017-03.pdf"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/hirschmann-hilcos-layer-2-firewall-multicast-broadcast-traffic-bypass"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Hirschmann HiLCOS Layer-2 Firewall Multicast Broadcast Traffic Bypass"
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2017-20233",
"datePublished": "2026-04-03T22:47:07.496Z",
"dateReserved": "2026-04-03T17:40:03.508Z",
"dateUpdated": "2026-04-03T22:47:07.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2018-25236 (GCVE-0-2018-25236)
Vulnerability from cvelistv5 – Published: 2026-04-03 22:44 – Updated: 2026-04-03 22:44
VLAI?
Title
Hirschmann HiOS HiSecOS Authentication Bypass via HTTP Management
Summary
Hirschmann HiOS and HiSecOS products RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, RED, EAGLE contain an authentication bypass vulnerability in the HTTP(S) management module that allows unauthenticated remote attackers to gain administrative access by crafting specially formed HTTP requests. Attackers can exploit improper authentication handling to obtain the authentication status and privileges of a previously authenticated user without providing valid credentials.
Severity ?
9.8 (Critical)
CWE
- CWE-287 - Improper Authentication (CWE-287)
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Belden | Hirschmann HiOS |
Affected:
0 , ≤ 05.07
(custom)
Affected: 0 , ≤ 06.1.04 (custom) Affected: 0 , ≤ 06.2.00 (custom) Unaffected: 06.1.05 (custom) Unaffected: 07.0.00 (semver) Unaffected: 03.1.00 (semver) |
|||||||
|
|||||||||
Date Public ?
2018-05-25 00:00
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hirschmann HiOS",
"vendor": "Belden",
"versions": [
{
"lessThanOrEqual": "05.07",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "06.1.04",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "06.2.00",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "06.1.05",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "07.0.00",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "03.1.00",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hirschmann HiSecOS EAGLE",
"vendor": "Belden",
"versions": [
{
"lessThanOrEqual": "03.00.02",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "03.0.03",
"versionType": "semver"
}
]
}
],
"datePublic": "2018-05-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Hirschmann HiOS and HiSecOS products RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, RED, EAGLE contain an authentication bypass vulnerability in the HTTP(S) management module that allows unauthenticated remote attackers to gain administrative access by crafting specially formed HTTP requests. Attackers can exploit improper authentication handling to obtain the authentication status and privileges of a previously authenticated user without providing valid credentials."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "Improper Authentication (CWE-287)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-03T22:44:43.486Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://assets.belden.com/m/52ecadbb5f1b0e04/original/Security-Bulletin-Web-Server-Authentication-Bypass-HiOS-HiSecOS-Hirschmann-BSECV-2018-05.pdf"
},
{
"url": "https://www.vulncheck.com/advisories/hirschmann-hios-hisecos-authentication-bypass-via-http-management"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Hirschmann HiOS HiSecOS Authentication Bypass via HTTP Management"
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2018-25236",
"datePublished": "2026-04-03T22:44:43.486Z",
"dateReserved": "2026-04-03T17:10:57.779Z",
"dateUpdated": "2026-04-03T22:44:43.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-4477 (GCVE-0-2021-4477)
Vulnerability from cvelistv5 – Published: 2026-04-03 22:37 – Updated: 2026-04-03 22:37
VLAI?
Title
Hirschmann HiLCOS OpenBAT BAT450 IPv6 IPsec Firewall Bypass
Summary
Hirschmann HiLCOS OpenBAT and BAT450 products contain a firewall bypass vulnerability in IPv6 IPsec deployments that allows traffic from VPN connections to bypass configured firewall rules. Attackers can exploit this vulnerability by establishing IPv6 IPsec connections (IKEv1 or IKEv2) while simultaneously using an IPv6 Internet connection to circumvent firewall policy enforcement.
Severity ?
9.1 (Critical)
CWE
- CWE-284 - Improper access control
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Belden | Hirschmann HiLCOS OpenBAT |
Affected:
3.80-REL
(custom)
Affected: 8.90-REL (custom) Affected: 9.00-REL (custom) Affected: 9.00-RU1 (custom) Affected: 9.10-REL (custom) Affected: 9.12-REL (custom) Affected: 9.12-RU1 (custom) Affected: 9.12-RU2 (custom) Affected: 9.12-RU3 (custom) Affected: 9.12-RU4 (custom) Affected: 9.12-RU5 (custom) Affected: 9.12-RU6 (custom) Affected: 9.12-RU7 (custom) Affected: 9.12-RU8 (custom) Affected: 9.12-RU9 (custom) Affected: 9.13-REL (custom) Affected: 9.13-RU1 (custom) Affected: 10.12-REL (custom) Affected: 10.12-RU1 (custom) Unaffected: 10.12-RU2 (custom) |
Date Public ?
2021-01-11 00:00
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hirschmann HiLCOS OpenBAT",
"vendor": "Belden",
"versions": [
{
"status": "affected",
"version": "3.80-REL",
"versionType": "custom"
},
{
"status": "affected",
"version": "8.90-REL",
"versionType": "custom"
},
{
"status": "affected",
"version": "9.00-REL",
"versionType": "custom"
},
{
"status": "affected",
"version": "9.00-RU1",
"versionType": "custom"
},
{
"status": "affected",
"version": "9.10-REL",
"versionType": "custom"
},
{
"status": "affected",
"version": "9.12-REL",
"versionType": "custom"
},
{
"status": "affected",
"version": "9.12-RU1",
"versionType": "custom"
},
{
"status": "affected",
"version": "9.12-RU2",
"versionType": "custom"
},
{
"status": "affected",
"version": "9.12-RU3",
"versionType": "custom"
},
{
"status": "affected",
"version": "9.12-RU4",
"versionType": "custom"
},
{
"status": "affected",
"version": "9.12-RU5",
"versionType": "custom"
},
{
"status": "affected",
"version": "9.12-RU6",
"versionType": "custom"
},
{
"status": "affected",
"version": "9.12-RU7",
"versionType": "custom"
},
{
"status": "affected",
"version": "9.12-RU8",
"versionType": "custom"
},
{
"status": "affected",
"version": "9.12-RU9",
"versionType": "custom"
},
{
"status": "affected",
"version": "9.13-REL",
"versionType": "custom"
},
{
"status": "affected",
"version": "9.13-RU1",
"versionType": "custom"
},
{
"status": "affected",
"version": "10.12-REL",
"versionType": "custom"
},
{
"status": "affected",
"version": "10.12-RU1",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "10.12-RU2",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-01-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Hirschmann HiLCOS OpenBAT and BAT450 products contain a firewall bypass vulnerability in IPv6 IPsec deployments that allows traffic from VPN connections to bypass configured firewall rules. Attackers can exploit this vulnerability by establishing IPv6 IPsec connections (IKEv1 or IKEv2) while simultaneously using an IPv6 Internet connection to circumvent firewall policy enforcement."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-03T22:37:45.879Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://assets.belden.com/m/5fd1a50fa50cb252/original/Belden-Security-Bulletin-BSECV-1v0-2019-09.pdf"
},
{
"url": "https://www.vulncheck.com/advisories/hirschmann-hilcos-openbat-bat450-ipv6-ipsec-firewall-bypass"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Hirschmann HiLCOS OpenBAT BAT450 IPv6 IPsec Firewall Bypass"
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2021-4477",
"datePublished": "2026-04-03T22:37:45.879Z",
"dateReserved": "2026-04-03T16:46:37.018Z",
"dateUpdated": "2026-04-03T22:37:45.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2017-20238 (GCVE-0-2017-20238)
Vulnerability from cvelistv5 – Published: 2026-04-03 22:10 – Updated: 2026-04-03 22:10
VLAI?
Title
Hirschmann Industrial HiVision Improper Authorization Privilege Escalation
Summary
Hirschmann Industrial HiVision versions 06.0.00 and 07.0.00 prior to 06.0.06 and 07.0.01 contains an improper authorization vulnerability that allows read-only users to gain write access to managed devices by bypassing access control mechanisms. Attackers can exploit alternative interfaces such as the web interface or SNMP browser to modify device configurations despite having restricted permissions.
Severity ?
CWE
- CWE-285 - Improper Authorization
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Belden | Hirschmann Industrial HiVision |
Unaffected:
06.0.06
(custom)
Unaffected: 07.01 (custom) Affected: 06.0.00 , ≤ 06.0.05 (semver) Affected: 0 , ≤ 07.00 (semver) |
Date Public ?
2017-01-06 00:00
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Hirschmann Industrial HiVision",
"vendor": "Belden",
"versions": [
{
"status": "unaffected",
"version": "06.0.06",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "07.01",
"versionType": "custom"
},
{
"lessThanOrEqual": "06.0.05",
"status": "affected",
"version": "06.0.00",
"versionType": "semver"
},
{
"lessThanOrEqual": "07.00",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2017-01-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Hirschmann Industrial HiVision versions 06.0.00 and 07.0.00 prior to 06.0.06 and 07.0.01 contains an improper authorization vulnerability that allows read-only users to gain write access to managed devices by bypassing access control mechanisms. Attackers can exploit alternative interfaces such as the web interface or SNMP browser to modify device configurations despite having restricted permissions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285: Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-03T22:10:18.157Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://assets.belden.com/m/7cc5d59343125b25/original/Security-Bulletin-Restricted-User-Roles-Write-Access-HiVision-2017-01.pdf"
},
{
"url": "https://www.vulncheck.com/advisories/hirschmann-industrial-hivision-improper-authorization-privilege-escalation"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Hirschmann Industrial HiVision Improper Authorization Privilege Escalation"
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2017-20238",
"datePublished": "2026-04-03T22:10:18.157Z",
"dateReserved": "2026-04-03T22:02:22.395Z",
"dateUpdated": "2026-04-03T22:10:18.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2016-15058 (GCVE-0-2016-15058)
Vulnerability from cvelistv5 – Published: 2026-04-03 21:59 – Updated: 2026-04-03 21:59
VLAI?
Title
Hirschmann HiLCOS Classic Platform Password Exposure via SNMP
Summary
Hirschmann HiLCOS Classic Platform switches Classic L2E, L2P, L3E, L3P versions prior to 09.0.06 and Classic L2B prior to 05.3.07 contain a credential exposure vulnerability where user passwords are synchronized with SNMPv1/v2 community strings and transmitted in plaintext when the feature is enabled. Attackers with local network access can sniff SNMP traffic or extract configuration data to recover plaintext credentials and gain unauthorized administrative access to the switches.
Severity ?
CWE
- CWE-257 - Storing Passwords in a Recoverable Format
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Belden | Hirschmann HiLCOS Classic Platform |
Unaffected:
>= 09.0.06
(custom)
Unaffected: >= 05.3.07 (custom) Affected: 0 , ≤ 09.0.05 (semver) Affected: 0 , ≤ 05.3.06 (semver) |
Date Public ?
2016-12-19 00:00
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Hirschmann HiLCOS Classic Platform",
"vendor": "Belden",
"versions": [
{
"status": "unaffected",
"version": "\u003e= 09.0.06",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "\u003e= 05.3.07",
"versionType": "custom"
},
{
"lessThanOrEqual": "09.0.05",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "05.3.06",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2016-12-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Hirschmann HiLCOS Classic Platform switches Classic L2E, L2P, L3E, L3P versions prior to 09.0.06 and Classic L2B prior to 05.3.07 contain a credential exposure vulnerability where user passwords are synchronized with SNMPv1/v2 community strings and transmitted in plaintext when the feature is enabled. Attackers with local network access can sniff SNMP traffic or extract configuration data to recover plaintext credentials and gain unauthorized administrative access to the switches."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-257",
"description": "CWE-257: Storing Passwords in a Recoverable Format",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-03T21:59:07.731Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://assets.belden.com/m/1d8273c6205dc400/original/Security-Bulletin-Password-Sync-SNMP-v1-v2-BSECV-2016-12.pdf"
},
{
"url": "https://www.kb.cert.org/vuls/id/507216"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/hirschmann-hilcos-classic-platform-password-exposure-via-snmp"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Hirschmann HiLCOS Classic Platform Password Exposure via SNMP"
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2016-15058",
"datePublished": "2026-04-03T21:59:07.731Z",
"dateReserved": "2026-04-03T21:50:15.953Z",
"dateUpdated": "2026-04-03T21:59:07.731Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2015-10148 (GCVE-0-2015-10148)
Vulnerability from cvelistv5 – Published: 2026-04-03 21:42 – Updated: 2026-04-03 21:42
VLAI?
Title
Hirschmann HiLCOS Hard-coded Credentials SSH SSL Keys
Summary
Hirschmann HiLCOS devices OpenBAT, WLC, BAT300, BAT54 prior to 8.80 and OpenBAT prior to 9.10 are shipped with identical default SSH and SSL keys that cannot be changed, allowing unauthenticated remote attackers to decrypt or intercept encrypted management communications. Attackers can perform man-in-the-middle attacks, impersonate devices, and expose sensitive information by leveraging the shared default cryptographic keys across multiple devices.
Severity ?
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Belden | Hirschmann HiLCOS |
Unaffected:
>= 9.10
(custom)
Affected: 0 , ≤ 9.00-RU1 (semver) Affected: 0 , ≤ 8.80 (semver) Affected: 0 , ≤ 8.60 (semver) |
Date Public ?
2015-12-11 00:00
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Hirschmann HiLCOS",
"vendor": "Belden",
"versions": [
{
"status": "unaffected",
"version": "\u003e= 9.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.00-RU1",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.80",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.60",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2015-12-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Hirschmann HiLCOS devices OpenBAT, WLC, BAT300, BAT54 prior to 8.80 and OpenBAT prior to 9.10 are shipped with identical default SSH and SSL keys that cannot be changed, allowing unauthenticated remote attackers to decrypt or intercept encrypted management communications. Attackers can perform man-in-the-middle attacks, impersonate devices, and expose sensitive information by leveraging the shared default cryptographic keys across multiple devices."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321: Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-03T21:42:51.401Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://assets.belden.com/m/76d31798e65c9f47/original/Security-Bulletin-SSH-SSL-Default-Keys-HiLCOS-Hirschmann-BSECV-2015-12.pdf"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/hirschmann-hilcos-hard-coded-credentials-ssh-ssl-keys"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Hirschmann HiLCOS Hard-coded Credentials SSH SSL Keys"
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2015-10148",
"datePublished": "2026-04-03T21:42:51.401Z",
"dateReserved": "2026-04-03T21:32:33.851Z",
"dateUpdated": "2026-04-03T21:42:51.401Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2018-25237 (GCVE-0-2018-25237)
Vulnerability from cvelistv5 – Published: 2026-04-03 21:22 – Updated: 2026-04-03 21:22
VLAI?
Title
Hirschmann HiSecOS Buffer Overflow via HTTPS Login
Summary
Hirschmann HiSecOS devices versions prior to 05.3.03 contain a buffer overflow vulnerability in the HTTPS login interface when RADIUS authentication is enabled that allows remote attackers to crash the device or execute arbitrary code by submitting a password longer than 128 characters. Attackers can exploit improper bounds checking in password handling to overflow a fixed-size buffer and achieve denial of service or remote code execution.
Severity ?
9.8 (Critical)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Belden | Hirschmann HiSecOS Classic Firewall (EAGLE, EAGLE One) |
Unaffected:
05.3.03
(custom)
Affected: 0 , ≤ 05.3.02 (semver) |
Date Public ?
2018-02-26 00:00
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Hirschmann HiSecOS Classic Firewall (EAGLE, EAGLE One)",
"vendor": "Belden",
"versions": [
{
"status": "unaffected",
"version": "05.3.03",
"versionType": "custom"
},
{
"lessThanOrEqual": "05.3.02",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2018-02-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Hirschmann HiSecOS devices versions prior to 05.3.03 contain a buffer overflow vulnerability in the HTTPS login interface when RADIUS authentication is enabled that allows remote attackers to crash the device or execute arbitrary code by submitting a password longer than 128 characters. Attackers can exploit improper bounds checking in password handling to overflow a fixed-size buffer and achieve denial of service or remote code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-03T21:22:40.634Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://assets.belden.com/m/2d5657b3e5d721c6/original/Security-Bulletin-RADIUS-Authentication-BSECV-2018-04.pdf"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/hirschmann-hisecos-buffer-overflow-via-https-login"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Hirschmann HiSecOS Buffer Overflow via HTTPS Login"
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2018-25237",
"datePublished": "2026-04-03T21:22:40.634Z",
"dateReserved": "2026-04-03T21:16:19.764Z",
"dateUpdated": "2026-04-03T21:22:40.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2017-20237 (GCVE-0-2017-20237)
Vulnerability from cvelistv5 – Published: 2026-04-03 21:05 – Updated: 2026-04-03 21:05
VLAI?
Title
Hirschmann Industrial HiVision Authentication Bypass Remote Code Execution
Summary
Hirschmann Industrial HiVision versions prior to 06.0.07 and 07.0.03 contains an authentication bypass vulnerability in the master service that allows unauthenticated remote attackers to execute arbitrary commands with administrative privileges. Attackers can invoke exposed interface methods over the remote service to bypass authentication and achieve remote code execution on the underlying operating system.
Severity ?
9.8 (Critical)
CWE
- CWE-287 - Improper Authentication (CWE-287)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Belden | Hirschmann Industrial HiVision |
Affected:
0 , ≤ 06.0.06
(semver)
Affected: 0 , ≤ 07.0.02 (semver) Unaffected: 06.0.07 (semver) Unaffected: 07.0.03 (semver) |
Date Public ?
2017-08-18 00:00
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Hirschmann Industrial HiVision",
"vendor": "Belden",
"versions": [
{
"lessThanOrEqual": "06.0.06",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "07.0.02",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "06.0.07",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "07.0.03",
"versionType": "semver"
}
]
}
],
"datePublic": "2017-08-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Hirschmann Industrial HiVision versions prior to 06.0.07 and 07.0.03 contains an authentication bypass vulnerability in the master service that allows unauthenticated remote attackers to execute arbitrary commands with administrative privileges. Attackers can invoke exposed interface methods over the remote service to bypass authentication and achieve remote code execution on the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "Improper Authentication (CWE-287)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-03T21:05:49.713Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://assets.belden.com/m/1cb01df62f1f31e3/original/Unauthenticated-Remote-Code-Execution-Security-Bulletin-Hirschmann-BSECV-2017-02.pdf"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/hirschmann-industrial-hivision-authentication-bypass-remote-code-execution"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Hirschmann Industrial HiVision Authentication Bypass Remote Code Execution"
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2017-20237",
"datePublished": "2026-04-03T21:05:49.713Z",
"dateReserved": "2026-04-03T19:47:32.576Z",
"dateUpdated": "2026-04-03T21:05:49.713Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-37216 (GCVE-0-2020-37216)
Vulnerability from cvelistv5 – Published: 2026-04-03 20:19 – Updated: 2026-04-04 03:23
VLAI?
Title
Hirschmann HiOS EtherNet/IP Stack Denial of Service
Summary
Hirschmann HiOS devices versions prior to 08.1.00 and 07.1.01 contain a denial of service vulnerability in the EtherNet/IP stack where improper handling of packet length fields allows remote attackers to crash or hang the device. Attackers can send specially crafted UDP EtherNet/IP packets with a length value larger than the actual packet size to render the device inoperable.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Belden | Hirschmann HiOS |
Unaffected:
>= 08.1.00
(custom)
Unaffected: >= 07.1.01 (custom) Affected: 05.00.00 , ≤ 08.0.00 (semver) |
Date Public ?
2020-09-09 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-37216",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-04T03:22:43.470099Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-04T03:23:19.214Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Hirschmann HiOS",
"vendor": "Belden",
"versions": [
{
"status": "unaffected",
"version": "\u003e= 08.1.00",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "\u003e= 07.1.01",
"versionType": "custom"
},
{
"lessThanOrEqual": "08.0.00",
"status": "affected",
"version": "05.00.00",
"versionType": "semver"
}
]
}
],
"datePublic": "2020-09-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Hirschmann HiOS devices versions prior to 08.1.00 and 07.1.01 contain a denial of service vulnerability in the EtherNet/IP stack where improper handling of packet length fields allows remote attackers to crash or hang the device. Attackers can send specially crafted UDP EtherNet/IP packets with a length value larger than the actual packet size to render the device inoperable."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-03T20:47:47.596Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://assets.belden.com/m/3d3e2cbfa4860258/original/Belden-Security-Bulletin-BSECV-2019-14.pdf"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/hirschmann-hios-ethernet-ip-stack-denial-of-service"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Hirschmann HiOS EtherNet/IP Stack Denial of Service"
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-37216",
"datePublished": "2026-04-03T20:19:25.269Z",
"dateReserved": "2026-04-03T15:51:05.544Z",
"dateUpdated": "2026-04-04T03:23:19.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-4987 (GCVE-0-2022-4987)
Vulnerability from cvelistv5 – Published: 2026-04-03 20:15 – Updated: 2026-04-03 20:15
VLAI?
Title
Hirschmann Industrial HiVision External Application Path Hijacking Leading to Arbitrary Code Execution
Summary
Hirschmann Industrial HiVision version 08.1.03 prior to 08.1.04 and 08.2.00 contains a vulnerability in the execution of user-configured external applications that allows a local attacker to execute arbitrary binaries. Due to insufficient path sanitization, an attacker can place a malicious binary in the execution path of a configured external application, causing it to be executed instead of the intended application. This can result in execution with elevated privileges depending on the context of the external application.
Severity ?
CWE
- CWE-426 - Untrusted Search Path
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Belden | Hirschmann Industrial HiVision |
Affected:
0 , ≤ 08.1.03
(semver)
Unaffected: 08.2.00 (semver) Unaffected: 08.1.04 (semver) |
Date Public ?
2022-10-17 00:00
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Hirschmann Industrial HiVision",
"vendor": "Belden",
"versions": [
{
"lessThanOrEqual": "08.1.03",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "08.2.00",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "08.1.04",
"versionType": "semver"
}
]
}
],
"datePublic": "2022-10-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Hirschmann Industrial HiVision version 08.1.03 prior to 08.1.04 and 08.2.00 contains a vulnerability in the execution of user-configured external applications that allows a local attacker to execute arbitrary binaries. Due to insufficient path sanitization, an attacker can place a malicious binary in the execution path of a configured external application, causing it to be executed instead of the intended application. This can result in execution with elevated privileges depending on the context of the external application."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426: Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-03T20:15:24.713Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://assets.belden.com/m/62ae167036cb17c3/original/Microsoft-Word-Belden_Security_Bulletin_BSECV-2021-03_1v0-002-docx.pdf"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/hirschmann-industrial-hivision-external-application-path-hijacking-leading-to-arbitrary-code-execution"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Hirschmann Industrial HiVision External Application Path Hijacking Leading to Arbitrary Code Execution"
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2022-4987",
"datePublished": "2026-04-03T20:15:24.713Z",
"dateReserved": "2026-04-03T15:02:21.827Z",
"dateUpdated": "2026-04-03T20:15:24.713Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-4986 (GCVE-0-2022-4986)
Vulnerability from cvelistv5 – Published: 2026-04-02 21:52 – Updated: 2026-04-03 22:33
VLAI?
Title
Hirschmann EagleSDV Denial of Service via TLS
Summary
Hirschmann EagleSDV version 05.4.01 prior to 05.4.02 contains a denial-of-service vulnerability that causes the device to crash during session establishment when using TLS 1.0 or TLS 1.1. Attackers can trigger a crash by initiating TLS connections with these protocol versions to disrupt service availability.
Severity ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Belden | Hirschmann EagleSDV |
Unaffected:
05.4.02
(custom)
Affected: 0 , < 05.4.01 (semver) |
Date Public ?
2022-08-01 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4986",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-03T12:54:03.269264Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-03T12:54:10.709Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hirschmann EagleSDV",
"vendor": "Belden",
"versions": [
{
"status": "unaffected",
"version": "05.4.02",
"versionType": "custom"
},
{
"lessThan": "05.4.01",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2022-08-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Hirschmann EagleSDV version 05.4.01 prior to 05.4.02 contains a denial-of-service vulnerability that causes the device to crash during session establishment when using TLS 1.0 or TLS 1.1. Attackers can trigger a crash by initiating TLS connections with these protocol versions to disrupt service availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-03T22:33:40.419Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://assets.belden.com/m/1c8fe5d916567af6/original/Belden_Security_Bulletin_BSECV-2022-08.pdf"
},
{
"url": "https://www.vulncheck.com/advisories/hirschmann-eaglesdv-denial-of-service-via-tls"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Hirschmann EagleSDV Denial of Service via TLS"
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2022-4986",
"datePublished": "2026-04-02T21:52:33.163Z",
"dateReserved": "2026-04-02T21:38:23.572Z",
"dateUpdated": "2026-04-03T22:33:40.419Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-14033 (GCVE-0-2024-14033)
Vulnerability from cvelistv5 – Published: 2026-04-02 20:40 – Updated: 2026-04-03 22:22
VLAI?
Title
Hirschmann EagleSDV Denial of Service via TLS
Summary
Hirschmann Industrial IT products (BAT-R, BAT-F, BAT450-F, BAT867-R, BAT867-F, WLC, BAT Controller Virtual) contain a heap overflow vulnerability in the HiLCOS web interface that allows unauthenticated remote attackers to trigger a denial-of-service condition by sending specially crafted requests to the web interface. Attackers can exploit this heap overflow to crash the affected device and cause service disruption, particularly in configurations where the Public Spot functionality is enabled.
Severity ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Belden | Hirschmann EagleSDV |
Unaffected:
05.4.02
(custom)
Affected: 0 , < 05.4.01 (semver) |
Date Public ?
2022-08-01 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-14033",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-03T14:44:06.408864Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-03T14:44:14.119Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hirschmann EagleSDV",
"vendor": "Belden",
"versions": [
{
"status": "unaffected",
"version": "05.4.02",
"versionType": "custom"
},
{
"lessThan": "05.4.01",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2022-08-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Hirschmann Industrial IT products (BAT-R, BAT-F, BAT450-F, BAT867-R, BAT867-F, WLC, BAT Controller Virtual) contain a heap overflow vulnerability in the HiLCOS web interface that allows unauthenticated remote attackers to trigger a denial-of-service condition by sending specially crafted requests to the web interface. Attackers can exploit this heap overflow to crash the affected device and cause service disruption, particularly in configurations where the Public Spot functionality is enabled."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-03T22:22:40.094Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://assets.belden.com/m/774d24c02be5c220/original/Belden_Security_Bulletin_BSECV-2024-16.pdf"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/hirschmann-industrial-it-hilcos-heap-overflow-dos"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Hirschmann EagleSDV Denial of Service via TLS"
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2024-14033",
"datePublished": "2026-04-02T20:40:37.469Z",
"dateReserved": "2026-04-01T21:08:43.378Z",
"dateUpdated": "2026-04-03T22:22:40.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15620 (GCVE-0-2025-15620)
Vulnerability from cvelistv5 – Published: 2026-04-02 20:28 – Updated: 2026-04-03 22:24
VLAI?
Title
HiOS Switch Platform Denial-of-Service via Web Interface
Summary
HiOS Switch Platform versions 09.1.00 prior to 09.4.05 and 10.3.01 contains a denial-of-service vulnerability in the web interface that allows remote attackers to reboot the affected device by sending a malicious HTTP GET request to a specific endpoint. Attackers can trigger an uncontrolled reboot condition through crafted HTTP requests to cause service disruption and unavailability of the switch.
Severity ?
9.3 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Belden | Hirschmann HiOS Switch Platform |
Affected:
09.1.00 , ≤ 09.4.05
(semver)
Affected: 10.0.00 , ≤ 10.3.01 (semver) |
Date Public ?
2025-10-09 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15620",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-03T15:38:11.509590Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-03T15:38:38.688Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hirschmann HiOS Switch Platform",
"vendor": "Belden",
"versions": [
{
"lessThanOrEqual": "09.4.05",
"status": "affected",
"version": "09.1.00",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.3.01",
"status": "affected",
"version": "10.0.00",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-10-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "HiOS Switch Platform versions 09.1.00 prior to 09.4.05 and 10.3.01 contains a denial-of-service vulnerability in the web interface that allows remote attackers to reboot the affected device by sending a malicious HTTP GET request to a specific endpoint. Attackers can trigger an uncontrolled reboot condition through crafted HTTP requests to cause service disruption and unavailability of the switch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-03T22:24:26.625Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Belden Security Advisories",
"tags": [
"vendor-advisory"
],
"url": "https://assets.belden.com/m/702a656e81736b04/original/PSIRT-2_Web_Interface_HiOS.pdf"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/hios-switch-platform-denial-of-service-via-web-interface"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HiOS Switch Platform Denial-of-Service via Web Interface"
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-15620",
"datePublished": "2026-04-02T20:28:08.711Z",
"dateReserved": "2026-04-01T21:14:41.757Z",
"dateUpdated": "2026-04-03T22:24:26.625Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-14034 (GCVE-0-2024-14034)
Vulnerability from cvelistv5 – Published: 2026-04-02 20:01 – Updated: 2026-04-03 22:27
VLAI?
Title
Hirschmann HiEOS Authentication Bypass via HTTP Management Module
Summary
Hirschmann HiEOS devices versions prior to 01.1.00 contain an authentication bypass vulnerability in the HTTP(S) management module that allows unauthenticated remote attackers to gain administrative access by sending specially crafted HTTP(S) requests. Attackers can exploit improper authentication handling to obtain elevated privileges and perform unauthorized actions including configuration download or upload and firmware modification.
Severity ?
9.8 (Critical)
CWE
- CWE-287 - Improper Authentication (CWE-287)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Belden | Hirschmann HiEOS LRS11 |
Affected:
0 , < 01.1.00
(semver)
|
Date Public ?
2024-04-26 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-14034",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-03T13:38:37.515745Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-03T13:41:18.277Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hirschmann HiEOS LRS11",
"vendor": "Belden",
"versions": [
{
"lessThan": "01.1.00",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-04-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Hirschmann HiEOS devices versions prior to 01.1.00 contain an authentication bypass vulnerability in the HTTP(S) management module that allows unauthenticated remote attackers to gain administrative access by sending specially crafted HTTP(S) requests. Attackers can exploit improper authentication handling to obtain elevated privileges and perform unauthorized actions including configuration download or upload and firmware modification."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "Improper Authentication (CWE-287)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-03T22:27:03.051Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Belden Security Bulletins",
"tags": [
"vendor-advisory"
],
"url": "https://assets.belden.com/m/7ec5c6da25ef288/original/Belden_Security_Bulletin_BSECV-2024-02_1v0.pdf"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/hirschmann-hieos-authentication-bypass-via-http-management-module"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Hirschmann HiEOS Authentication Bypass via HTTP Management Module"
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2024-14034",
"datePublished": "2026-04-02T20:01:23.748Z",
"dateReserved": "2026-04-01T21:21:41.800Z",
"dateUpdated": "2026-04-03T22:27:03.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-7343 (GCVE-0-2023-7343)
Vulnerability from cvelistv5 – Published: 2026-04-02 19:56 – Updated: 2026-04-03 22:30
VLAI?
Title
Belden Industrial HiVision Arbitrary Code Execution via Malicious Project File
Summary
HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administrator role by sending specially crafted packets to the web server. Attackers can exploit this flaw to gain full administrative access to the affected device.
Severity ?
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Belden | Hirschmann Industrial HiVision |
Unaffected:
08.3.02
(semver)
Affected: 05.0.00 , ≤ 08.3.01 (semver) |
Date Public ?
2023-03-28 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-7343",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-02T20:19:10.286674Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T20:25:38.496Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hirschmann Industrial HiVision",
"vendor": "Belden",
"versions": [
{
"status": "unaffected",
"version": "08.3.02",
"versionType": "semver"
},
{
"lessThanOrEqual": "08.3.01",
"status": "affected",
"version": "05.0.00",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-03-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administrator role by sending specially crafted packets to the web server. Attackers can exploit this flaw to gain full administrative access to the affected device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-03T22:30:23.855Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Belden Security Bulletins",
"tags": [
"vendor-advisory"
],
"url": "https://assets.belden.com/m/774e2db2b0100bc1/original/Belden-Security-Bulletin-BSECV-2023-06.pdf"
},
{
"url": "https://www.vulncheck.com/advisories/belden-industrial-hivision-arbitrary-code-execution-via-malicious-project-file"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Belden Industrial HiVision Arbitrary Code Execution via Malicious Project File"
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2023-7343",
"datePublished": "2026-04-02T19:56:24.883Z",
"dateReserved": "2026-04-01T21:30:55.311Z",
"dateUpdated": "2026-04-03T22:30:23.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-7342 (GCVE-0-2023-7342)
Vulnerability from cvelistv5 – Published: 2026-04-02 18:27 – Updated: 2026-04-02 22:28
VLAI?
Title
Belden HiSecOS Web Server Privilege Escalation
Summary
HiSecOS web server versions 03.4.00 prior to 04.1.00 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administrator role by sending specially crafted packets to the web server. Attackers can exploit this flaw to gain full administrative access to the affected device.
Severity ?
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Belden | Hirschmann HiSecOS EAGLE |
Affected:
03.4.00 , ≤ 04.1.00
(semver)
|
Date Public ?
2023-01-30 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-7342",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-02T19:15:02.644087Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T19:15:13.321Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hirschmann HiSecOS EAGLE",
"vendor": "Belden",
"versions": [
{
"lessThanOrEqual": "04.1.00",
"status": "affected",
"version": "03.4.00",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-01-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eHiSecOS web server versions 03.4.00 prior to 04.1.00 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administrator role by sending specially crafted packets to the web server. Attackers can exploit this flaw to gain full administrative access to the affected device.\u003c/p\u003e"
}
],
"value": "HiSecOS web server versions 03.4.00 prior to 04.1.00 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administrator role by sending specially crafted packets to the web server. Attackers can exploit this flaw to gain full administrative access to the affected device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T22:28:20.774Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Belden Security Bulletins",
"tags": [
"vendor-advisory"
],
"url": "https://assets.belden.com/m/4828b7cf8b652105/original/Microsoft-Word-Belden_Security_Bulletin_BSECV-2021-07_1v0-docx.pdf"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/belden-hisecos-web-server-privilege-escalation"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Belden HiSecOS Web Server Privilege Escalation"
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2023-7342",
"datePublished": "2026-04-02T18:27:15.226Z",
"dateReserved": "2026-04-01T21:24:27.566Z",
"dateUpdated": "2026-04-02T22:28:20.774Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-53908 (GCVE-0-2023-53908)
Vulnerability from cvelistv5 – Published: 2025-12-17 22:44 – Updated: 2026-04-02 18:47
VLAI?
Title
HiSecOS 04.0.01 Privilege Escalation via User Role Modification
Summary
HiSecOS 04.0.01 contains a privilege escalation vulnerability that allows authenticated users to modify their access role through XML-based NETCONF configuration. Attackers can send crafted XML payloads to the /mops_data endpoint with a specific role value to elevate their user privileges to administrative level.
Severity ?
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Credits
dreizehnutters
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-53908",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T14:51:21.277692Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T15:04:52.934Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HiSecOS",
"vendor": "Belden",
"versions": [
{
"status": "affected",
"version": "04.0.01"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "dreizehnutters"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eHiSecOS 04.0.01 contains a privilege escalation vulnerability that allows authenticated users to modify their access role through XML-based NETCONF configuration. Attackers can send crafted XML payloads to the /mops_data endpoint with a specific role value to elevate their user privileges to administrative level.\u003c/p\u003e"
}
],
"value": "HiSecOS 04.0.01 contains a privilege escalation vulnerability that allows authenticated users to modify their access role through XML-based NETCONF configuration. Attackers can send crafted XML payloads to the /mops_data endpoint with a specific role value to elevate their user privileges to administrative level."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:47:04.169Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-51537",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/51537"
},
{
"name": "Official Product Webpage",
"tags": [
"product"
],
"url": "https://www.belden.com/products/industrial-networking-cybersecurity/software-solutions/device-software/hisecos-firewall-software"
},
{
"name": "VulnCheck Advisory: HiSecOS 04.0.01 Privilege Escalation via User Role Modification",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/hisecos-privilege-escalation-via-user-role-modification"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HiSecOS 04.0.01 Privilege Escalation via User Role Modification",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2023-53908",
"datePublished": "2025-12-17T22:44:46.403Z",
"dateReserved": "2025-12-16T19:22:09.994Z",
"dateUpdated": "2026-04-02T18:47:04.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-27734 (GCVE-0-2021-27734)
Vulnerability from cvelistv5 – Published: 2021-05-17 14:28 – Updated: 2024-08-03 21:26
VLAI?
Summary
Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSecOS 03.3.00 through 03.5.01 allow remote attackers to change the credentials of existing users.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:26:10.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://dam.belden.com/dmm3bwsv3/assetstream.aspx?assetid=12914\u0026mediaformatid=50063\u0026destinationid=10016"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSecOS 03.3.00 through 03.5.01 allow remote attackers to change the credentials of existing users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-17T14:28:42.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://dam.belden.com/dmm3bwsv3/assetstream.aspx?assetid=12914\u0026mediaformatid=50063\u0026destinationid=10016"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27734",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSecOS 03.3.00 through 03.5.01 allow remote attackers to change the credentials of existing users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://dam.belden.com/dmm3bwsv3/assetstream.aspx?assetid=12914\u0026mediaformatid=50063\u0026destinationid=10016",
"refsource": "MISC",
"url": "https://dam.belden.com/dmm3bwsv3/assetstream.aspx?assetid=12914\u0026mediaformatid=50063\u0026destinationid=10016"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27734",
"datePublished": "2021-05-17T14:28:42.000Z",
"dateReserved": "2021-02-25T00:00:00.000Z",
"dateUpdated": "2024-08-03T21:26:10.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9307 (GCVE-0-2020-9307)
Vulnerability from cvelistv5 – Published: 2021-02-11 20:32 – Updated: 2024-08-04 10:26
VLAI?
Summary
Hirschmann OS2, RSP, and RSPE devices before HiOS 08.3.00 allow a denial of service. An unauthenticated, adjacent attacker can cause an infinite loop on one of the HSR ring ports of the device. This effectively breaks the redundancy of the HSR ring. If the attacker can perform the same attack on a second device, the ring is broken into two parts (thus disrupting communication between devices in the different parts).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Date Public ?
2021-01-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:26:16.031Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.belden.com/dfsmedia/f1e38517e0cd4caa8b1acb6619890f5e/12276-source/options/view"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.belden.com/security"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-01-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Hirschmann OS2, RSP, and RSPE devices before HiOS 08.3.00 allow a denial of service. An unauthenticated, adjacent attacker can cause an infinite loop on one of the HSR ring ports of the device. This effectively breaks the redundancy of the HSR ring. If the attacker can perform the same attack on a second device, the ring is broken into two parts (thus disrupting communication between devices in the different parts)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-11T20:32:13.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.belden.com/dfsmedia/f1e38517e0cd4caa8b1acb6619890f5e/12276-source/options/view"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.belden.com/security"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-9307",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Hirschmann OS2, RSP, and RSPE devices before HiOS 08.3.00 allow a denial of service. An unauthenticated, adjacent attacker can cause an infinite loop on one of the HSR ring ports of the device. This effectively breaks the redundancy of the HSR ring. If the attacker can perform the same attack on a second device, the ring is broken into two parts (thus disrupting communication between devices in the different parts)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.belden.com/dfsmedia/f1e38517e0cd4caa8b1acb6619890f5e/12276-source/options/view",
"refsource": "CONFIRM",
"url": "https://www.belden.com/dfsmedia/f1e38517e0cd4caa8b1acb6619890f5e/12276-source/options/view"
},
{
"name": "https://www.belden.com/security",
"refsource": "MISC",
"url": "https://www.belden.com/security"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-9307",
"datePublished": "2021-02-11T20:32:13.000Z",
"dateReserved": "2020-02-19T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:26:16.031Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5471 (GCVE-0-2018-5471)
Vulnerability from cvelistv5 – Published: 2018-03-06 21:00 – Updated: 2024-08-05 05:33
VLAI?
Summary
A Cleartext Transmission of Sensitive Information issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. A cleartext transmission of sensitive information vulnerability in the web interface has been identified, which may allow an attacker to obtain sensitive information through a successful man-in-the-middle attack.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Hirschmann Automation and Control GmbH Classic Platform Switches |
Affected:
Hirschmann Automation and Control GmbH Classic Platform Switches
|
Date Public ?
2018-03-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "103340",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103340"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-065-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Hirschmann Automation and Control GmbH Classic Platform Switches",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Hirschmann Automation and Control GmbH Classic Platform Switches"
}
]
}
],
"datePublic": "2018-03-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Cleartext Transmission of Sensitive Information issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. A cleartext transmission of sensitive information vulnerability in the web interface has been identified, which may allow an attacker to obtain sensitive information through a successful man-in-the-middle attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-10T10:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "103340",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103340"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-065-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2018-5471",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hirschmann Automation and Control GmbH Classic Platform Switches",
"version": {
"version_data": [
{
"version_value": "Hirschmann Automation and Control GmbH Classic Platform Switches"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cleartext Transmission of Sensitive Information issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. A cleartext transmission of sensitive information vulnerability in the web interface has been identified, which may allow an attacker to obtain sensitive information through a successful man-in-the-middle attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103340",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103340"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-065-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-065-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-5471",
"datePublished": "2018-03-06T21:00:00.000Z",
"dateReserved": "2018-01-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T05:33:44.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5465 (GCVE-0-2018-5465)
Vulnerability from cvelistv5 – Published: 2018-03-06 21:00 – Updated: 2024-08-05 05:33
VLAI?
Summary
A Session Fixation issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. A session fixation vulnerability in the web interface has been identified, which may allow an attacker to hijack web sessions.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Hirschmann Automation and Control GmbH Classic Platform Switches |
Affected:
Hirschmann Automation and Control GmbH Classic Platform Switches
|
Date Public ?
2018-03-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "103340",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103340"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-065-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Hirschmann Automation and Control GmbH Classic Platform Switches",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Hirschmann Automation and Control GmbH Classic Platform Switches"
}
]
}
],
"datePublic": "2018-03-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Session Fixation issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. A session fixation vulnerability in the web interface has been identified, which may allow an attacker to hijack web sessions."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-10T10:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "103340",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103340"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-065-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2018-5465",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hirschmann Automation and Control GmbH Classic Platform Switches",
"version": {
"version_data": [
{
"version_value": "Hirschmann Automation and Control GmbH Classic Platform Switches"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Session Fixation issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. A session fixation vulnerability in the web interface has been identified, which may allow an attacker to hijack web sessions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-384"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103340",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103340"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-065-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-065-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-5465",
"datePublished": "2018-03-06T21:00:00.000Z",
"dateReserved": "2018-01-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T05:33:44.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5467 (GCVE-0-2018-5467)
Vulnerability from cvelistv5 – Published: 2018-03-06 21:00 – Updated: 2024-08-05 05:33
VLAI?
Summary
An Information Exposure Through Query Strings in GET Request issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An information exposure through query strings vulnerability in the web interface has been identified, which may allow an attacker to impersonate a legitimate user.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Hirschmann Automation and Control GmbH Classic Platform Switches |
Affected:
Hirschmann Automation and Control GmbH Classic Platform Switches
|
Date Public ?
2018-03-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.439Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "103340",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103340"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-065-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Hirschmann Automation and Control GmbH Classic Platform Switches",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Hirschmann Automation and Control GmbH Classic Platform Switches"
}
]
}
],
"datePublic": "2018-03-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Information Exposure Through Query Strings in GET Request issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An information exposure through query strings vulnerability in the web interface has been identified, which may allow an attacker to impersonate a legitimate user."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-598",
"description": "CWE-598",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-10T10:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "103340",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103340"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-065-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2018-5467",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hirschmann Automation and Control GmbH Classic Platform Switches",
"version": {
"version_data": [
{
"version_value": "Hirschmann Automation and Control GmbH Classic Platform Switches"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Information Exposure Through Query Strings in GET Request issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An information exposure through query strings vulnerability in the web interface has been identified, which may allow an attacker to impersonate a legitimate user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-598"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103340",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103340"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-065-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-065-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-5467",
"datePublished": "2018-03-06T21:00:00.000Z",
"dateReserved": "2018-01-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T05:33:44.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5461 (GCVE-0-2018-5461)
Vulnerability from cvelistv5 – Published: 2018-03-06 21:00 – Updated: 2024-08-05 05:33
VLAI?
Summary
An Inadequate Encryption Strength issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An inadequate encryption strength vulnerability in the web interface has been identified, which may allow an attacker to obtain sensitive information through a successful man-in-the-middle attack.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Hirschmann Automation and Control GmbH Classic Platform Switches |
Affected:
Hirschmann Automation and Control GmbH Classic Platform Switches
|
Date Public ?
2018-03-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.334Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "103340",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103340"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-065-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Hirschmann Automation and Control GmbH Classic Platform Switches",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Hirschmann Automation and Control GmbH Classic Platform Switches"
}
]
}
],
"datePublic": "2018-03-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Inadequate Encryption Strength issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An inadequate encryption strength vulnerability in the web interface has been identified, which may allow an attacker to obtain sensitive information through a successful man-in-the-middle attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-326",
"description": "CWE-326",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-10T10:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "103340",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103340"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-065-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2018-5461",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hirschmann Automation and Control GmbH Classic Platform Switches",
"version": {
"version_data": [
{
"version_value": "Hirschmann Automation and Control GmbH Classic Platform Switches"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Inadequate Encryption Strength issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An inadequate encryption strength vulnerability in the web interface has been identified, which may allow an attacker to obtain sensitive information through a successful man-in-the-middle attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-326"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103340",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103340"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-065-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-065-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-5461",
"datePublished": "2018-03-06T21:00:00.000Z",
"dateReserved": "2018-01-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T05:33:44.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5469 (GCVE-0-2018-5469)
Vulnerability from cvelistv5 – Published: 2018-03-06 21:00 – Updated: 2024-08-05 05:33
VLAI?
Summary
An Improper Restriction of Excessive Authentication Attempts issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An improper restriction of excessive authentication vulnerability in the web interface has been identified, which may allow an attacker to brute force authentication.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Hirschmann Automation and Control GmbH Classic Platform Switches |
Affected:
Hirschmann Automation and Control GmbH Classic Platform Switches
|
Date Public ?
2018-03-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.365Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "103340",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103340"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-065-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Hirschmann Automation and Control GmbH Classic Platform Switches",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Hirschmann Automation and Control GmbH Classic Platform Switches"
}
]
}
],
"datePublic": "2018-03-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Improper Restriction of Excessive Authentication Attempts issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An improper restriction of excessive authentication vulnerability in the web interface has been identified, which may allow an attacker to brute force authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "CWE-307",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-10T10:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "103340",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103340"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-065-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2018-5469",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hirschmann Automation and Control GmbH Classic Platform Switches",
"version": {
"version_data": [
{
"version_value": "Hirschmann Automation and Control GmbH Classic Platform Switches"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Improper Restriction of Excessive Authentication Attempts issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An improper restriction of excessive authentication vulnerability in the web interface has been identified, which may allow an attacker to brute force authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-307"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103340",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103340"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-065-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-065-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-5469",
"datePublished": "2018-03-06T21:00:00.000Z",
"dateReserved": "2018-01-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T05:33:44.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}