top of page
perceptive_background_267k.jpg

Hirschmann HiEOS devices contain an authentication bypass vulnerability in the HTTP(S) management module that allows unauthenticated remote attackers to gain ad…

Published:

1 April 2026 at 22:00:00

Alert date:

2 April 2026 at 21:02:32

Source:

nvd.nist.gov

Click to open the original link from this advisory

Network Infrastructure, Critical Infrastructure

A critical authentication bypass vulnerability (CVE-2024-14034) exists in Hirschmann HiEOS devices' HTTP(S) management module. The vulnerability allows unauthenticated remote attackers to gain administrative access by sending specially crafted HTTP(S) requests. Attackers can exploit improper authentication handling to obtain elevated privileges and perform unauthorized actions including configuration download or upload and firmware modification. This affects the management interface of industrial network devices manufactured by Hirschmann.

Technical details

Mitigation steps:

Affected products:

Hirschmann HiEOS

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2024-14034
https://assets.belden.com/m/7ec5c6da25ef288/original/Belden_Security_Bulletin_BSECV-2024-02_1v0.pdf

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page