CVE-2017-20237
Authentication Bypass in Hirschmann HiVision Enables Remote Code Execution
Publication date: 2026-04-03
Last updated on: 2026-04-03
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hirschmann | industrial_hivision | to 06.0.07|end_excluding=07.0.03 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
Hirschmann Industrial HiVision versions prior to 06.0.07 and 07.0.03 have an authentication bypass vulnerability in the master service. This flaw allows unauthenticated remote attackers to execute arbitrary commands with administrative privileges by invoking exposed interface methods over the remote service, effectively bypassing authentication and enabling remote code execution on the underlying operating system.
How can this vulnerability impact me? :
This vulnerability can have severe impacts as it allows attackers to remotely execute arbitrary commands with administrative privileges without authentication. This means attackers can take full control of the affected system, potentially leading to data theft, system manipulation, disruption of services, or further network compromise.