CVE-2023-7343
published 2026-04-02CVE-2023-7343: Hirschmann Industrial HiVision versions 05.0.00 through 08.3.01 prior to 08.3.02 contain an arbitrary code execution vulnerability triggered when an…
PriorityP343high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
EPSS
0.14%
3.9th percentile
Hirschmann Industrial HiVision versions 05.0.00 through 08.3.01 prior to 08.3.02 contain an arbitrary code execution vulnerability triggered when an administrator opens a maliciously crafted project file. Successful exploitation allows the attacker to execute code in the context of the HiVision process.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| belden | hirschmann_industrial_hivision | 05.0.00 – 08.3.01 | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv4.08.5HIGHCVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Belden Hirschmann Industrial HiVision up to 08.3.01/08.3.1 Packet privileges management
vuldb·2026-05-26·CVSS 8.5
CVE-2023-7343 [HIGH] Belden Hirschmann Industrial HiVision up to 08.3.01/08.3.1 Packet privileges management
A vulnerability was found in Belden Hirschmann Industrial HiVision up to 08.3.01/08.3.1. It has been classified as critical. Impacted is an unknown function of the component Packet Handler. Performing a manipulation results in improper privilege management.
This vulnerability is known as CVE-2023-7343. Attacking locally is a requirement. No exploit is available.
Upgrading the affected component is recommended.
GHSA
GHSA-qq9p-jh9v-jwwc: HiSecOS web server contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges
ghsa_unreviewed·2026-04-02
CVE-2023-7343 [HIGH] CWE-269 GHSA-qq9p-jh9v-jwwc: HiSecOS web server contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges
HiSecOS web server contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administrator role by sending specially crafted packets to the web server. Attackers can exploit this flaw to gain full administrative access to the affected device.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-04-02
Published