VYPR

Vendor: Belden Hirschmann

Products: 24
CVEs: 40
Across products: 48
Status: Private

Recent CVEs (40)
  • CVE-2018-25236 | Critical | Apr 3, 2026
    risk 0.64 | cvss 9.8 | epss 0.01

    Hirschmann HiOS and HiSecOS products RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, RED, EAGLE contain an authentication bypass vulnerability in the HTTP(S) management module that allows unauthenticated remote attackers to gain administrative access by crafting specially formed…

  • CVE-2018-25237 | Critical | Apr 3, 2026
    risk 0.64 | cvss 9.8 | epss 0.01

    Hirschmann HiSecOS devices versions prior to 05.3.03 contain a buffer overflow vulnerability in the HTTPS login interface when RADIUS authentication is enabled that allows remote attackers to crash the device or execute arbitrary code by submitting a password longer than 128…

  • CVE-2017-20237 | Critical | Apr 3, 2026
    risk 0.64 | cvss 9.8 | epss 0.01

    Hirschmann Industrial HiVision versions prior to 06.0.07 and 07.0.03 contain an authentication bypass vulnerability in the master service that allows unauthenticated remote attackers to execute arbitrary commands with administrative privileges. Attackers can invoke exposed…

  • CVE-2024-14034 | Critical | Apr 2, 2026
    risk 0.64 | cvss 9.8 | epss 0.00

    Hirschmann HiEOS devices versions prior to 01.1.00 contain an authentication bypass vulnerability in the HTTP(S) management module that allows unauthenticated remote attackers to gain administrative access by sending specially crafted HTTP(S) requests. Attackers can exploit…

  • CVE-2018-5469 | Critical | Mar 6, 2018
    risk 0.64 | cvss 9.8 | epss 0.03

    An Improper Restriction of Excessive Authentication Attempts issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An improper restriction of excessive authentication vulnerability in the web interface has…

  • CVE-2017-11402 | Critical | Nov 20, 2017
    risk 0.64 | cvss 9.8 | epss 0.02

    An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. Design flaws in OPC classic and in custom netfilter modules allow an attacker to remotely activate rules on the firewall and to connect to any TCP port of a protected asset,…

  • CVE-2017-11401 | Critical | Nov 20, 2017
    risk 0.64 | cvss 9.8 | epss 0.01

    An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. Improper handling of the mbap.length field of ModBus packets in the ModBus DPI filter allows an attacker to send malformed/crafted packets to a protected asset, bypassing…

  • CVE-2021-4477 | Critical | Apr 3, 2026
    risk 0.59 | cvss 9.1 | epss 0.00

    Hirschmann HiLCOS OpenBAT and BAT450 products contain a firewall bypass vulnerability in IPv6 IPsec deployments that allows traffic from VPN connections to bypass configured firewall rules. Attackers can exploit this vulnerability by establishing IPv6 IPsec connections (IKEv1 or…

  • CVE-2023-7342 | High | Apr 2, 2026
    risk 0.57 | cvss 8.8 | epss 0.00

    HiSecOS web server versions 03.4.00 prior to 04.1.00 contain a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administrator role by sending specially crafted packets to the web server. Attackers…

  • CVE-2023-53908 | High | Dec 17, 2025
    risk 0.57 | cvss 8.8 | epss 0.00

    HiSecOS 04.0.01 contains a privilege escalation vulnerability that allows authenticated users to modify their access role through XML-based NETCONF configuration. Attackers can send crafted XML payloads to the /mops_data endpoint with a specific role value to elevate their user…

  • CVE-2018-5465 | High | Mar 6, 2018
    risk 0.57 | cvss 8.8 | epss 0.02

    A Session Fixation issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. A session fixation vulnerability in the web interface has been identified, which may allow an attacker to hijack web sessions.

  • CVE-2025-15620 | High | Apr 2, 2026
    risk 0.56 | cvss 8.6 | epss 0.01

    HiOS Switch Platform versions 09.1.00 through 09.4.04 and 10.0.00 through 10.3.00 contain a denial-of-service vulnerability in the web interface that allows remote attackers to reboot the affected device by sending a malicious HTTP GET request to a specific endpoint. Attackers…

  • CVE-2016-15058 | High | Apr 3, 2026
    risk 0.53 | cvss 8.1 | epss 0.00

    Hirschmann HiLCOS Classic Platform switches Classic L2E, L2P, L3E, L3P versions prior to 09.0.06 and Classic L2B prior to 05.3.07 contain a credential exposure vulnerability where user passwords are synchronized with SNMPv1/v2 community strings and transmitted in plaintext when…

  • CVE-2015-10148 | High | Apr 3, 2026
    risk 0.53 | cvss 8.2 | epss 0.00

    Hirschmann HiLCOS devices OpenBAT, WLC, BAT300, BAT54 prior to 8.80 and OpenBAT prior to 9.10 are shipped with identical default SSH and SSL keys that cannot be changed, allowing unauthenticated remote attackers to decrypt or intercept encrypted management communications.…

  • CVE-2023-7343 | High | Apr 2, 2026
    risk 0.51 | cvss 7.8 | epss 0.00

    Hirschmann Industrial HiVision versions 05.0.00 through 08.3.01 prior to 08.3.02 contain an arbitrary code execution vulnerability triggered when an administrator opens a maliciously crafted project file. Successful exploitation allows the attacker to execute code in the context…

  • CVE-2022-4986 | High | Apr 2, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Hirschmann EagleSDV version 05.4.01 prior to 05.4.02 contains a denial-of-service vulnerability that causes the device to crash during session establishment when using TLS 1.0 or TLS 1.1. Attackers can trigger a crash by initiating TLS connections with these protocol versions to…

  • CVE-2024-14033 | High | Apr 2, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Hirschmann EagleSDV firmware prior to 05.4.02 contains a denial-of-service vulnerability in TLS session establishment. Attackers can crash the device during TLS handshake by exploiting protocol downgrades to TLS 1.0 or TLS 1.1, interrupting service availability.

  • CVE-2022-4987 | High | Apr 3, 2026
    risk 0.47 | cvss 7.3 | epss 0.00

    Hirschmann Industrial HiVision version 08.1.03 prior to 08.1.04 and 08.2.00 contains a vulnerability in the execution of user-configured external applications that allows a local attacker to execute arbitrary binaries. Due to insufficient path sanitization, an attacker can place…

  • CVE-2017-20238 | High | Apr 3, 2026
    risk 0.46 | cvss 7.1 | epss 0.00

    Hirschmann Industrial HiVision versions 06.0.00 and 07.0.00 prior to 06.0.06 and 07.0.01 contain an improper authorization vulnerability that allows read-only users to gain write access to managed devices by bypassing access control mechanisms. Attackers can exploit alternative…

  • CVE-2017-6038 | High | Jun 30, 2017
    risk 0.46 | cvss 7.1 | epss 0.00

    A Cross-Site Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web application does not sufficiently verify that requests were provided by the user who submitted the request.