CVE-2018-25236 — Improper Authentication in Hirschmann Hios

CWE-287 — Improper Authentication3 documents3 sources

Severity

9.3CRITICALNVD

EPSS

0.0%

top 92.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Belden Hirschmann Hios Belden Hirschmann Hisecos Eagle

Timeline

PublishedApr 3

Latest updateApr 4

Description

Hirschmann HiOS and HiSecOS products RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, RED, EAGLE contain an authentication bypass vulnerability in the HTTP(S) management module that allows unauthenticated remote attackers to gain administrative access by crafting specially formed HTTP requests. Attackers can exploit improper authentication handling to obtain the authentication status and privileges of a previously authenticated user without providing valid credentials.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5belden/hirschmann_hisecos_eagle03.00.02

▶CVEListV5belden/hirschmann_hios05.07+2

🔴Vulnerability Details

GHSA

GHSA-9hhf-w3pr-8g2c: Hirschmann HiOS and HiSecOS products RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, RED, EAGLE contain an authentication bypass vulnerability in the↗2026-04-04

▶

CVEList

Hirschmann HiOS HiSecOS Authentication Bypass via HTTP Management↗2026-04-03

▶