Hirschmann HiOS HiSecOS Authentication Bypass via HTTP Management

Advisories

Hirschmann HiOS HiSecOS Authentication Bypass via HTTP Management

severity: critical
date: 4/3/2026
Affecting: Hirschmann HiOS < 06.1.05 and 07.0.00
Hirschmann HiSecOS EAGLE < 03.0.03 and 03.1.00
CVE: CVE-2018-25236
CWE: CWE-287 Improper Authentication (CWE-287)
CVSS: 9.3
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
References: Belden Security Advisory
Description: Hirschmann HiOS and HiSecOS products RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, RED, EAGLE contain an authentication bypass vulnerability in the HTTP(S) management module that allows unauthenticated remote attackers to gain administrative access by crafting specially formed HTTP requests. Attackers can exploit improper authentication handling to obtain the authentication status and privileges of a previously authenticated user without providing valid credentials.

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.

Vulnerability Prioritization
Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
Early Warning System
Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.

Schedule a Demo