ICSA-20-091-01  ·  Published 2020-03-31

Hirschmann Automation and Control HiOS and HiSecOS Products

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of this vulnerability could allow an unauthenticated, remote attacker to overflow a buffer and fully compromise the device.

CVEs (1)

Remediations

  • Hirschmann recommends updating HiOS products to Version 07.0.03 or higher and HiSecOS products to Version 03.3.00 or higher.
  • As a workaround, Hirschmann also recommends that users either use the “IP Access Restriction” feature to restrict HTTP and HTTPS access to trusted IP addresses, or disable the HTTP and HTTPS server.
  • For more information regarding this vulnerability and the associated mitigations, please see Belden security bulletin number BSECV-2020-01.
  • For additional resources, please go to https://www.belden.com/security.

Affected Vendors

Hirschmann Automation and Control GmbH, Belden Inc.

Affected Products (2)

Hirschmann Automation and Control GmbH, Belden Inc. · EAGLE20/30 03.2.00
Hirschmann Automation and Control GmbH, Belden Inc. · RSP, RSPE, RSPS, RSPL, MSP, EES, EES, EESX, GRS, OS, RED <= HiOS 07.0.02

Affected Sectors

Information Technology
