CVE-2024-14034
CRITICAL
Hirschmann HiEOS Authentication Bypass via HTTP Management Module
Title source: cna
Description
Hirschmann HiEOS device versions prior to 01.1.00 contain an authentication bypass vulnerability in the HTTP(S) management module that allows unauthenticated remote attackers to gain administrative access by sending specially crafted HTTP(S) requests. Attackers can exploit improper authentication handling to obtain elevated privileges and perform unauthorized actions, including configuration download or upload and firmware modification.
References (2)
Core References
Third Party Advisory: https://www.vulncheck.com/advisories/hirschmann-hieos-authentication-bypass-via-http-management-module
Vendor Advisory (Belden Security Bulletins): https://assets.belden.com/m/7ec5c6da25ef288/original/Belden_Security_Bulletin_BSECV-2024-02_1v0.pdf
Scores
CVSS v3: 9.8
EPSS: 0.0046
EPSS Percentile: 36.1%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: total
Details
CWE: CWE-287
Status: published
Products (1)
Belden/Hirschmann HiEOS LRS11: < 01.1.00
Published: Apr 02, 2026
Tracked Since: Apr 03, 2026