TROYANOSYVIRUS
Retour aux CVEs

CVE-2017-20238

HIGH
7.1

Description

Hirschmann Industrial HiVision versions 06.0.00 and 07.0.00 prior to 06.0.06 and 07.0.01 contains an improper authorization vulnerability that allows read-only users to gain write access to managed devices by bypassing access control mechanisms. Attackers can exploit alternative interfaces such as the web interface or SNMP browser to modify device configurations despite having restricted permissions.

Details CVE

Score CVSS v3.17.1
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisLOW
Interaction utilisateurNONE
Publie4/3/2026
Derniere modification4/3/2026
Sourcenvd
Observations honeypot0

Faiblesses (CWE)

CWE-285

References

https://assets.belden.com/m/7cc5d59343125b25/original/Security-Bulletin-Restricted-User-Roles-Write-Access-HiVision-2017-01.pdf(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/hirschmann-industrial-hivision-improper-authorization-privilege-escalation(disclosure@vulncheck.com)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.