Mallory

Hirschmann Industrial HiVision Flaws Enable RCE via Auth Bypass and Path Hijacking

Tags: industrial-control-system-vulnerability, identity-authentication-vulnerability, widely-deployed-product-advisory, initial-access-method
Updated April 3, 2026 at 11:04 PM (2 sources)

Belden disclosed two high-severity vulnerabilities in Hirschmann Industrial HiVision that can lead to arbitrary code execution. The more serious issue, tracked as CVE-2017-20237, is an authentication bypass in the product's master service that affects versions prior to 06.0.07 and 07.0.03. An unauthenticated remote attacker can invoke exposed interface methods and execute commands with administrative privileges on the underlying operating system, creating a full remote code execution path with high impact to confidentiality, integrity, and availability.

A second flaw, CVE-2022-4987, affects version 08.1.03 prior to 08.1.04 and version 08.2.00, and stems from improper sanitization of paths used to launch user-configured external applications. In that scenario, a low-privileged local attacker can place a malicious binary in the execution path so that it runs instead of the intended program, potentially gaining elevated execution depending on deployment context. The vulnerabilities were documented in Belden security guidance and VulnCheck advisories, which together describe both a remote and a local route to code execution in Industrial HiVision deployments.
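
For asset owners, the version ranges quoted above can be turned into a quick inventory triage. The following is an added example, not code from Belden, VulnCheck or this article's sources; the host names and inventory are constructed, and the way each range is read (noted in the comments) is an assumption that should be confirmed against the Belden bulletins.

```python
# Added example: triage Industrial HiVision versions against the ranges
# quoted in this article. Inventory below is constructed sample data.

def parse_version(text):
    """Turn '08.1.03' into (8, 1, 3); raise ValueError on anything else."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)

def affected_cves(version_text):
    """Return the CVE IDs from this article that match the given version."""
    v = parse_version(version_text)
    hits = []
    # CVE-2017-20237: "versions prior to 06.0.07 and 07.0.03".
    # Assumed reading: anything below 06.0.07, plus 07.x below 07.0.03.
    if v < (6, 0, 7) or (7, 0, 0) <= v < (7, 0, 3):
        hits.append("CVE-2017-20237")
    # CVE-2022-4987: "08.1.03 prior to 08.1.04 and 08.2.00".
    # Assumed reading: 08.1.03 up to (not including) 08.1.04, and 08.2.00.
    if (8, 1, 3) <= v < (8, 1, 4) or v == (8, 2, 0):
        hits.append("CVE-2022-4987")
    return hits

def triage(inventory):
    """Map each host to its matching CVEs; unparseable versions are flagged."""
    report = {}
    for host, version_text in inventory.items():
        try:
            report[host] = affected_cves(version_text)
        except ValueError:
            # Never treat an unknown version as clean; send it for manual review.
            report[host] = ["UNKNOWN_VERSION"]
    return report

# Constructed inventory: hypothetical host names and installed versions.
INVENTORY = {
    "nms-plant-a": "06.0.06",
    "nms-plant-b": "07.0.03",
    "nms-lab": "08.1.03",
    "nms-hq": "08.2.00",
    "nms-legacy": "v5-custom",
}

if __name__ == "__main__":
    for host, cves in triage(INVENTORY).items():
        print(f"{host}: {', '.join(cves) if cves else 'not in quoted ranges'}")
```

Hosts reported as `UNKNOWN_VERSION` need a manual version check rather than being assumed unaffected.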

Timeline

  1. Apr 3, 2026

    VulnCheck receives and publishes records for both Hirschmann Industrial HiVision CVEs

    VulnCheck recorded both CVE-2017-20237 and CVE-2022-4987 as newly received by disclosure@vulncheck.com, adding vulnerability history details and references to the Belden bulletin and VulnCheck advisory. This marks the public cataloging of the two Hirschmann Industrial HiVision vulnerabilities in the referenced feed.

  2. Apr 3, 2026

    Belden discloses external application path hijacking flaw in Industrial HiVision

    Belden published a security bulletin for CVE-2022-4987 in Hirschmann Industrial HiVision. The issue affects version 08.1.03 prior to 08.1.04 and version 08.2.00, allowing a local low-privilege attacker to hijack execution of external applications and potentially achieve arbitrary code execution with elevated privileges.

  3. Apr 3, 2026

    Belden discloses authentication bypass RCE in Hirschmann Industrial HiVision

    Belden published a security bulletin for CVE-2017-20237 affecting Hirschmann Industrial HiVision. The flaw impacts versions prior to 06.0.07 and 07.0.03 and allows unauthenticated remote attackers to invoke exposed interface methods and execute arbitrary commands with administrative privileges.

Related Stories

Belden HiSecOS Flaw Lets Authenticated Users Gain Administrator Access

Belden disclosed a high-severity privilege-escalation vulnerability, **CVE-2023-7342**, in the **HiSecOS** web server that allows authenticated users with **operator** or **auditor** roles to obtain **administrator** privileges by sending specially crafted packets. Successful exploitation can give an attacker full administrative control of the affected device, raising the risk of unauthorized configuration changes and broader compromise in environments that rely on the platform. A related CVE entry, **CVE-2023-7343**, was published alongside the advisory stream and references a Belden security bulletin, but the available record appears to repeat the HiSecOS privilege-escalation details rather than clearly describing the separate issue named in its title. Both entries were published with **CVSS v3.1** and **CVSS v4.0** scoring metadata and **CWE-269** classification, indicating Belden customers should review the vendor advisories closely to identify affected products and apply any recommended mitigations or updates.

1 month ago
Critical Authentication Bypass in Hirschmann HiOS and HiSecOS Grants Admin Access

Hirschmann disclosed a critical vulnerability, tracked as **`CVE-2018-25236`**, in the HTTP(S) management module of multiple **HiOS** and **HiSecOS** product lines, including **RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, RED, and EAGLE**. The flaw allows an unauthenticated remote attacker to send specially crafted HTTP requests and gain administrative access to affected devices without valid credentials. The issue stems from improper authentication handling that can cause a new request to inherit the authentication state and privileges of a previously authenticated user. Belgium's Centre for Cybersecurity (CCB) issued a warning describing the bug as critical and urged organizations using affected Hirschmann industrial networking products to patch immediately to prevent unauthorized takeover of device management interfaces.

4 weeks ago
Multiple Vulnerabilities in Belden NetModule and Siemens Products Enable RCE

CERT-FR issued advisories for multiple vulnerabilities affecting **Belden NetModule Router Software** and a range of **Siemens** products. The flaws in Belden NetModule Router Software could allow a remote attacker to execute arbitrary code on affected systems and trigger a remote denial of service, raising concern for organizations that rely on these devices in operational and industrial environments. A separate CERT-FR notice reported multiple vulnerabilities across Siemens products that could enable **remote code execution**, **privilege escalation**, and **remote denial of service**. While the available notice summary did not list specific product names, `CVE` identifiers, or patch details, the combined disclosures indicate broad exposure across industrial technology vendors and underscore the need for defenders to identify affected assets and apply vendor guidance as updates become available.

3 weeks ago
