Belden HiSecOS Flaw Lets Authenticated Users Gain Administrator Access
Belden disclosed a high-severity privilege-escalation vulnerability, CVE-2023-7342, in the HiSecOS web server that allows authenticated users with operator or auditor roles to obtain administrator privileges by sending specially crafted packets. Successful exploitation can give an attacker full administrative control of the affected device, raising the risk of unauthorized configuration changes and broader compromise in environments that rely on the platform.
A related CVE entry, CVE-2023-7343, was published alongside the advisory stream and references a Belden security bulletin, but the available record appears to repeat the HiSecOS privilege-escalation details rather than clearly describing the separate issue named in its title. Both entries were published with CVSS v3.1 and CVSS v4.0 scoring metadata and CWE-269 classification, indicating Belden customers should review the vendor advisories closely to identify affected products and apply any recommended mitigations or updates.
Timeline
Apr 2, 2026
CVE-2023-7343 published with Belden bulletin reference
A CVE entry for CVE-2023-7343 was published with a reference to a Belden security bulletin and severity metadata including CWE and CVSS vectors. The synopsis labels it as affecting Belden Industrial HiVision, though the provided description appears inconsistent and repeats HiSecOS privilege-escalation details.
Apr 2, 2026
CVE-2023-7342 disclosed for HiSecOS web server privilege escalation
A CVE entry describes a privilege escalation flaw in the Belden HiSecOS web server that allows authenticated operator or auditor users to escalate to administrator by sending specially crafted packets. Successful exploitation could grant full administrative access to the affected device.
Apr 2, 2026
VulnCheck receives CVE records for Belden vulnerabilities
The vulnerability history for CVE-2023-7342 and CVE-2023-7343 indicates the records were newly received by disclosure@vulncheck.com. The entries reference Belden advisories and classify the issues as high-severity vulnerabilities affecting Belden products.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Vulnerabilities
Sources
Related Stories
Hirschmann Industrial HiVision Flaws Enable RCE via Auth Bypass and Path Hijacking
Belden disclosed two high-severity vulnerabilities in **Hirschmann Industrial HiVision** that can lead to arbitrary code execution. The more serious issue, tracked as `CVE-2017-20237`, is an authentication bypass in the product's master service that affects versions prior to **06.0.07** and **07.0.03**. An unauthenticated remote attacker can invoke exposed interface methods and execute commands with administrative privileges on the underlying operating system, creating a full remote code execution path with high impact to confidentiality, integrity, and availability. A second flaw, `CVE-2022-4987`, affects **08.1.03** prior to **08.1.04** and **08.2.00** and stems from improper sanitization of paths used to launch user-configured external applications. In that scenario, a low-privileged local attacker can place a malicious binary in the execution path so it runs instead of the intended program, potentially gaining elevated execution depending on deployment context. The vulnerabilities were documented in Belden security guidance and VulnCheck advisories, highlighting both remote and local routes to code execution in Industrial HiVision deployments.
1 months ago
Critical Authentication Bypass in Hirschmann HiOS and HiSecOS Grants Admin Access
Hirschmann disclosed a critical vulnerability, tracked as **`CVE-2018-25236`**, in the HTTP(S) management module of multiple **HiOS** and **HiSecOS** product lines, including **RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, RED, and EAGLE**. The flaw allows an unauthenticated remote attacker to send specially crafted HTTP requests and gain administrative access to affected devices without valid credentials. The issue stems from improper authentication handling that can cause a new request to inherit the authentication state and privileges of a previously authenticated user. Belgium's Centre for Cybersecurity (CCB) issued a warning describing the bug as critical and urged organizations using affected Hirschmann industrial networking products to patch immediately to prevent unauthorized takeover of device management interfaces.
4 weeks ago
Multiple Vulnerabilities in Belden NetModule and Siemens Products Enable RCE
CERT-FR issued advisories for multiple vulnerabilities affecting **Belden NetModule Router Software** and a range of **Siemens** products. The flaws in Belden NetModule Router Software could allow a remote attacker to execute arbitrary code on affected systems and trigger a remote denial of service, raising concern for organizations that rely on these devices in operational and industrial environments. A separate CERT-FR notice reported multiple vulnerabilities across Siemens products that could enable **remote code execution**, **privilege escalation**, and **remote denial of service**. While the available notice summary did not list specific product names, `CVE` identifiers, or patch details, the combined disclosures indicate broad exposure across industrial technology vendors and underscore the need for defenders to identify affected assets and apply vendor guidance as updates become available.
3 weeks ago