Dreizehnutters

**Name of the Vulnerable Software and Affected Versions** HiSecOS version 04.0.01 **Description** The software contains a flaw that allows authenticated users to change their access level. This is possible through specially crafted XML payloads sent to the `/mops data` API endpoint using NETCONF configuration. By manipulating the role value within the XML, attackers can elevate their privileges to an administrative level. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the `/mops data` API endpoint to minimize the risk of exploitation.