CVE-2017-20237

CRITICAL CVSS 9.8 View on NVD ↗

Description

Hirschmann Industrial HiVision versions prior to 06.0.07 and 07.0.03 contains an authentication bypass vulnerability in the master service that allows unauthenticated remote attackers to execute arbitrary commands with administrative privileges. Attackers can invoke exposed interface methods over the remote service to bypass authentication and achieve remote code execution on the underlying operating system.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

https://assets.belden.com/m/1cb01df62f1f31e3/original/Unauthenticated-Remote-Code-Execution-Security-Bulletin-Hirschmann-BSECV-2017-02.pdf
https://www.vulncheck.com/advisories/hirschmann-industrial-hivision-authentication-bypass-remote-code-execution

Published: Apr 03, 2026 21:17 UTC Modified: Apr 03, 2026 21:17 UTC