Hirschmann HiEOS Authentication Bypass Vulnerability in HTTP(S) Management Module Granting Administrative Access
Vulnerability
An authentication bypass vulnerability has been identified in the HTTP(S) management module of Hirschmann HiEOS devices, specifically in the LRS11 product line versions prior to 01.1.00. This vulnerability allows unauthenticated remote attackers to gain administrative access by sending specially crafted HTTP(S) requests. Exploitation of this vulnerability takes advantage of improper authentication handling, enabling attackers to obtain elevated privileges and perform unauthorized actions such as downloading or uploading configurations and modifying firmware.
Impact
Exploitation of this vulnerability could lead to unauthorized administrative access, allowing attackers to execute administrative actions such as downloading or uploading device configurations, changing firmware, or gaining elevated privileges on the device.
Remediation
Customers are advised to update their HiEOS devices to the latest version to address this vulnerability.
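As an added example (not from the advisory and not Hirschmann's own tooling), a small inventory check that flags LRS11 devices whose reported HiEOS firmware is older than the fixed release 01.1.00; the version strings are compared numerically, not as text, so a later two-digit component such as "01.10.00" is not mistaken for an older build. The inventory rows are constructed sample data.

```python
FIXED_VERSION = "01.1.00"  # from the advisory: LRS11 versions prior to this are affected


def parse_version(version: str) -> tuple:
    """Convert a dotted HiEOS-style version string into a tuple of ints.

    Numeric comparison is required: as plain strings "01.10.00" would sort
    before "01.9.00", which is wrong for firmware versions.
    """
    parts = version.strip().split(".")
    if not parts or not all(part.isdigit() for part in parts):
        raise ValueError(f"unparseable version string: {version!r}")
    return tuple(int(part) for part in parts)


def is_affected(product: str, version: str) -> bool:
    """True when the device falls in the advisory's affected set:
    LRS11 product line with firmware older than FIXED_VERSION."""
    if product.strip().upper() != "LRS11":
        return False
    installed = parse_version(version)
    fixed = parse_version(FIXED_VERSION)
    # Pad the shorter tuple with zeros so "01.1" compares like "01.1.00".
    width = max(len(installed), len(fixed))
    installed += (0,) * (width - len(installed))
    fixed += (0,) * (width - len(fixed))
    return installed < fixed


def triage(inventory: list) -> list:
    """Return the inventory rows that still need the update."""
    return [row for row in inventory if is_affected(row["product"], row["version"])]


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    {"host": "sw-01", "product": "LRS11", "version": "01.0.05"},   # affected
    {"host": "sw-02", "product": "LRS11", "version": "01.1.00"},   # fixed release
    {"host": "sw-03", "product": "LRS11", "version": "01.10.00"},  # newer than fix
    {"host": "sw-04", "product": "OTHER", "version": "00.9.00"},   # not LRS11
]

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print(f"{row['host']}: {row['product']} {row['version']} needs update to {FIXED_VERSION}")
```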
