Description
Hirschmann HiOS devices running versions prior to 08.1.00 and 07.1.01 contain a denial of service vulnerability in the EtherNet/IP stack, where improper handling of packet length fields allows remote attackers to crash or hang the device. Attackers can send specially crafted UDP EtherNet/IP packets with a length value larger than the actual packet size to render the device inoperable.
References (2)
Vendor Advisory: https://assets.belden.com/m/3d3e2cbfa4860258/original/Belden-Security-Bulletin-BSECV-2019-14.pdf
Third Party Advisory: https://www.vulncheck.com/advisories/hirschmann-hios-ethernet-ip-stack-denial-of-service
Scores
CVSS v3: 7.5
EPSS: 0.0092
EPSS Percentile: 55.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: partial
Details
CWE: CWE-20
Status: published
Products (3)
Belden/Hirschmann HiOS: 05.00.00 - 08.0.00
Belden/Hirschmann HiOS: >= 07.1.01
Belden/Hirschmann HiOS: >= 08.1.00
Published: Apr 03, 2026
Tracked Since: Apr 04, 2026