PT-2026-29892 · Hirschmann · Hirschmann Hios
Published
2026-04-02
·
Updated
2026-04-03
·
CVE-2024-14034
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Hirschmann HiEOS devices versions prior to 01.1.00
Description
Hirschmann HiEOS devices versions prior to 01.1.00 contain an authentication bypass in the HTTP(S) management module. Attackers can gain administrative access by sending specially crafted HTTP(S) requests. Improper authentication handling allows attackers to obtain elevated privileges and perform unauthorized actions, including configuration download or upload and firmware modification.
Recommendations
Update to version 01.1.00 or later.
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hirschmann Hios