PT-2026-29899 · Hirschmann · Bat-R+7

Published

2026-04-02

Updated

2026-04-03

CVE-2024-14033

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Hirschmann Industrial IT products (BAT-R, BAT-F, BAT450-F, BAT867-R, BAT867-F, WLC, BAT Controller Virtual)

Description Hirschmann Industrial IT products are susceptible to a heap overflow in the HiLCOS web interface. Unauthenticated remote attackers can exploit this issue by sending crafted requests to the web interface, leading to a denial-of-service condition. The vulnerability is particularly impactful when the Public Spot functionality is enabled, potentially causing device crashes and service disruption.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Heap Based Buffer Overflow

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-122CWE-400

Related Identifiers

CVE-2024-14033

Affected Products

Bat Controller Virtual

Bat-F

Bat-R

Bat450-F

Bat867-F

Bat867-R

Hilcos

Wlc

PT-2026-29899 · Hirschmann · Bat-R+7

CVE-2024-14033

Weakness Enumeration

Related Identifiers

Affected Products

References · 7