{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2018-25236", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-04-03T17:10:57.779Z", "datePublished": "2026-04-03T22:44:43.486Z", "dateUpdated": "2026-04-06T15:29:05.743Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-03T22:44:43.486Z"}, "title": "Hirschmann HiOS HiSecOS Authentication Bypass via HTTP Management", "descriptions": [{"lang": "en", "value": "Hirschmann HiOS and HiSecOS products RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, RED, EAGLE contain an authentication bypass vulnerability in the HTTP(S) management module that allows unauthenticated remote attackers to gain administrative access by crafting specially formed HTTP requests. Attackers can exploit improper authentication handling to obtain the authentication status and privileges of a previously authenticated user without providing valid credentials."}], "datePublic": "2018-05-25T00:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-287", "description": "Improper Authentication (CWE-287)", "type": "CWE"}]}], "affected": [{"vendor": "Belden", "product": "Hirschmann HiOS", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "05.07"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "06.1.04"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "06.2.00"}, {"status": "unaffected", "version": "06.1.05", "versionType": "custom"}, {"status": "unaffected", "version": "07.0.00", "versionType": "semver"}, {"status": "unaffected", "version": "03.1.00", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Belden", "product": "Hirschmann HiSecOS EAGLE", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "03.00.02"}, {"status": "unaffected", "version": "03.0.03", "versionType": "semver"}], "defaultStatus": "unaffected"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "version": "3.1", "baseSeverity": "CRITICAL", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "CRITICAL", "baseScore": 9.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}], "references": [{"url": "https://assets.belden.com/m/52ecadbb5f1b0e04/original/Security-Bulletin-Web-Server-Authentication-Bypass-HiOS-HiSecOS-Hirschmann-BSECV-2018-05.pdf", "tags": ["vendor-advisory"]}, {"url": "https://www.vulncheck.com/advisories/hirschmann-hios-hisecos-authentication-bypass-via-http-management"}], "source": {"discovery": "EXTERNAL"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-06T15:03:07.891866Z", "id": "CVE-2018-25236", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T15:29:05.743Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2018-25236", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-06T15:03:07.891866Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T15:03:15.192Z"}}], "cna": {"title": "Hirschmann HiOS HiSecOS Authentication Bypass via HTTP Management", "source": {"discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Belden", "product": "Hirschmann HiOS", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "05.07"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "06.1.04"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "06.2.00"}, {"status": "unaffected", "version": "06.1.05", "versionType": "custom"}, {"status": "unaffected", "version": "07.0.00", "versionType": "semver"}, {"status": "unaffected", "version": "03.1.00", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Belden", "product": "Hirschmann HiSecOS EAGLE", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "03.00.02"}, {"status": "unaffected", "version": "03.0.03", "versionType": "semver"}], "defaultStatus": "unaffected"}], "datePublic": "2018-05-25T00:00:00.000Z", "references": [{"url": "https://assets.belden.com/m/52ecadbb5f1b0e04/original/Security-Bulletin-Web-Server-Authentication-Bypass-HiOS-HiSecOS-Hirschmann-BSECV-2018-05.pdf", "tags": ["vendor-advisory"]}, {"url": "https://www.vulncheck.com/advisories/hirschmann-hios-hisecos-authentication-bypass-via-http-management"}], "descriptions": [{"lang": "en", "value": "Hirschmann HiOS and HiSecOS products RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, RED, EAGLE contain an authentication bypass vulnerability in the HTTP(S) management module that allows unauthenticated remote attackers to gain administrative access by crafting specially formed HTTP requests. Attackers can exploit improper authentication handling to obtain the authentication status and privileges of a previously authenticated user without providing valid credentials."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-287", "description": "Improper Authentication (CWE-287)"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-03T22:44:43.486Z"}}}, "cveMetadata": {"cveId": "CVE-2018-25236", "state": "PUBLISHED", "dateUpdated": "2026-04-06T15:29:05.743Z", "dateReserved": "2026-04-03T17:10:57.779Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-04-03T22:44:43.486Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Hirschmann HiOS and HiSecOS products RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, RED, EAGLE contain an authentication bypass vulnerability in the HTTP(S) management module that allows unauthenticated remote attackers to gain administrative access by crafting specially formed HTTP requests. Attackers can exploit improper authentication handling to obtain the authentication status and privileges of a previously authenticated user without providing valid credentials."}], "id": "CVE-2018-25236", "lastModified": "2026-04-07T13:20:55.200", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-04-03T23:17:00.823", "references": [{"source": "disclosure@vulncheck.com", "url": "https://assets.belden.com/m/52ecadbb5f1b0e04/original/Security-Bulletin-Web-Server-Authentication-Bypass-HiOS-HiSecOS-Hirschmann-BSECV-2018-05.pdf"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/hirschmann-hios-hisecos-authentication-bypass-via-http-management"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,05.07]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,06.1.04]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,06.2.00]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "06.1.05"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "07.0.00"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "03.1.00"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Hirschmann HiOS", "source": "cna", "vendor": "Belden"}, "product": "hirschmann_hios", "vendor": "belden"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,03.00.02]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "03.0.03"}}], "enrichment": {"confidence": 89.0, "confidence_source": "matching", "scores": [{"score": 89.0, "source": "matching"}]}, "original": {"product": "Hirschmann HiSecOS EAGLE", "source": "cna", "vendor": "Belden"}, "product": "hirschmann_hisecos", "vendor": "belden"}], "analysis": {"en": {"generated_at": "2026-04-04T01:21:41.304139+00:00", "value": {"mitigation_remediation": ["Apply the latest security patch for Hirschmann HiOS and HiSecOS as distributed by Belden.", "If an official patch is unavailable or delayed, restrict external access to the HTTP management interface or place it behind a secure VPN or firewall.", "Verify that authentication mechanisms are enabled on the web server and that the device is not accepting unauthenticated requests.", "Review device logs for unexpected authentication status responses and investigate any anomalies."], "summary": {"action": "Patch Immediately", "impact": "Authentication bypass enabling administrator-level access"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Belden Hirschmann HiOS and HiSecOS EAGLE products. Specific series impacted include RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, RED, and the EAGLE management platform. No version ranges are stated in the available data.", "description_and_impact": "An authentication bypass flaw in the HTTP(S) management interface of Hirschmann HiOS and HiSecOS allows an unauthenticated attacker to craft requests that reveal the authentication status of a user who had previously logged in. The flaw stems from improper enforcement of authentication checks, mapping to CWE\u2011287. If exploited, the attacker can gain administrative privileges on the system, potentially compromising confidentiality, integrity, and availability of the device.", "risk_and_exploitability": "With a CVSS score of 9.3, the flaw is considered critical. Although EPSS data is not available, the absence of a known exploit in the KEV catalog does not mitigate the risk. The likely attack vector is a remote HTTP(S) request to the management interface, and the vulnerability can be triggered without credentials or prior user interaction, making it straightforward for attackers to obtain full administrative control."}}}}, "created": "2026-04-06T21:22:00.192450+00:00", "updated": "2026-04-06T22:21:38.678690+00:00", "vendors": ["belden", "belden$PRODUCT$hirschmann_hios", "belden$PRODUCT$hirschmann_hisecos"]}