CVE-2017-20237
CRITICALHirschmann Industrial HiVision Authentication Bypass Remote Code Execution
Title source: cnaDescription
Hirschmann Industrial HiVision versions prior to 06.0.07 and 07.0.03 contains an authentication bypass vulnerability in the master service that allows unauthenticated remote attackers to execute arbitrary commands with administrative privileges. Attackers can invoke exposed interface methods over the remote service to bypass authentication and achieve remote code execution on the underlying operating system.
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
https://assets.belden.com/m/1cb01df62f1f31e3/original/Unauthenticated-Remote-Code-Execution-Security-Bulletin-Hirschmann-BSECV-2017-02.pdf
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/hirschmann-industrial-hivision-authentication-bypass-remote-code-execution
Scores
CVSS v3
9.8
EPSS
0.0096
EPSS Percentile
57.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-287
Status
published
Products (4)
Belden/Hirschmann Industrial HiVision
< 06.0.06
Belden/Hirschmann Industrial HiVision
< 07.0.02
Belden/Hirschmann Industrial HiVision
06.0.07
Belden/Hirschmann Industrial HiVision
07.0.03
Published
Apr 03, 2026
Tracked Since
Apr 04, 2026