CVE-2017-20238

HIGH

Hirschmann Industrial HiVision Improper Authorization Privilege Escalation

Title source: cna

Description

Hirschmann Industrial HiVision versions 06.0.00 and 07.0.00 prior to 06.0.06 and 07.0.01 contains an improper authorization vulnerability that allows read-only users to gain write access to managed devices by bypassing access control mechanisms. Attackers can exploit alternative interfaces such as the web interface or SNMP browser to modify device configurations despite having restricted permissions.

References (2)

Core 2

Core References

Vendor Advisory vendor-advisory

https://assets.belden.com/m/7cc5d59343125b25/original/Security-Bulletin-Restricted-User-Roles-Write-Access-HiVision-2017-01.pdf

https://www.vulncheck.com/advisories/hirschmann-industrial-hivision-improper-authorization-privilege-escalation

Scores

CVSS v3 7.1

EPSS 0.0024

EPSS Percentile 14.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-285

Status published

Products (5)

Belden/Hirschmann Industrial HiVision < 07.00

Belden/Hirschmann Industrial HiVision 06.0.00 - 06.0.05

Belden/Hirschmann Industrial HiVision 06.0.06

Belden/Hirschmann Industrial HiVision 07.0.01

Belden/Hirschmann Industrial HiVision 07.01

Published Apr 03, 2026

Tracked Since Apr 04, 2026