Belden Hisecos vulnerabilities

CVE-2023-53908 [HIGH] CWE-269 CVE-2023-53908: HiSecOS 04.0.01 contains a privilege escalation vulnerability that allows authenticated users to mod HiSecOS 04.0.01 contains a privilege escalation vulnerability that allows authenticated users to modify their access role through XML-based NETCONF configuration. Attackers can send crafted XML payloads to the /mops_data endpoint with a specific role value to elevate their user privileges to administrative level.

CVE-2021-27734 [CRITICAL] CWE-287 CVE-2021-27734: Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSecOS 03.3.00 through 03.5.01 al Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSecOS 03.3.00 through 03.5.01 allow remote attackers to change the credentials of existing users.