VYPR

HiSecOS

by Belden Hirschmann

CVEs (6)

  • CVE-2018-25236CriApr 3, 2026
    risk 0.64cvss 9.8epss 0.01

    Hirschmann HiOS and HiSecOS products RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, RED, EAGLE contain an authentication bypass vulnerability in the HTTP(S) management module that allows unauthenticated remote attackers to gain administrative access by crafting specially formed…

  • CVE-2018-25237CriApr 3, 2026
    risk 0.64cvss 9.8epss 0.01

    Hirschmann HiSecOS devices versions prior to 05.3.03 contain a buffer overflow vulnerability in the HTTPS login interface when RADIUS authentication is enabled that allows remote attackers to crash the device or execute arbitrary code by submitting a password longer than 128…

  • CVE-2021-27734CriMay 17, 2021
    risk 0.64cvss 9.8epss 0.01

    Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSecOS 03.3.00 through 03.5.01 allow remote attackers to change the credentials of existing users.

  • CVE-2023-7342HigApr 2, 2026
    risk 0.57cvss 8.8epss 0.00

    HiSecOS web server versions 03.4.00 prior to 04.1.00 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administrator role by sending specially crafted packets to the web server. Attackers…

  • CVE-2023-53908HigDec 17, 2025
    risk 0.57cvss 8.8epss 0.00

    HiSecOS 04.0.01 contains a privilege escalation vulnerability that allows authenticated users to modify their access role through XML-based NETCONF configuration. Attackers can send crafted XML payloads to the /mops_data endpoint with a specific role value to elevate their user…

  • CVE-2023-7343HigApr 2, 2026
    risk 0.51cvss 7.8epss 0.00

    Hirschmann Industrial HiVision versions 05.0.00 through 08.3.01 prior to 08.3.02 contain an arbitrary code execution vulnerability triggered when an administrator opens a maliciously crafted project file. Successful exploitation allows the attacker to execute code in the context…