CVE-2017-20238

HIGH

7.1

Description

Hirschmann Industrial HiVision versions 06.0.00 and 07.0.00 prior to 06.0.06 and 07.0.01 contains an improper authorization vulnerability that allows read-only users to gain write access to managed devices by bypassing access control mechanisms. Attackers can exploit alternative interfaces such as the web interface or SNMP browser to modify device configurations despite having restricted permissions.

CVE Details

CVSS v3.1 Score7.1

SeverityHIGH

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredLOW

User InteractionNONE

Published4/3/2026

Last Modified4/3/2026

Sourcenvd

Honeypot Sightings0

Weaknesses (CWE)

CWE-285

References

https://assets.belden.com/m/7cc5d59343125b25/original/Security-Bulletin-Restricted-User-Roles-Write-Access-HiVision-2017-01.pdf(disclosure@vulncheck.com)

https://www.vulncheck.com/advisories/hirschmann-industrial-hivision-improper-authorization-privilege-escalation(disclosure@vulncheck.com)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.