CVE-2017-20238
Improper Authorization in Hirschmann HiVision Allows Unauthorized Configuration Changes
Publication date: 2026-04-03
Last updated on: 2026-04-03
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hirschmann | industrial_hivision | to 06.0.06 (exc) |
| hirschmann | industrial_hivision | to 07.0.01 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-285 | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Hirschmann Industrial HiVision versions 06.0.00 and 07.0.00 prior to 06.0.06 and 07.0.01. It is an improper authorization flaw that allows users with read-only permissions to bypass access control mechanisms and gain write access to managed devices.
Attackers can exploit alternative interfaces such as the web interface or SNMP browser to modify device configurations despite having restricted permissions.
How can this vulnerability impact me? :
This vulnerability can allow unauthorized users who should only have read-only access to instead modify device configurations. This can lead to unauthorized changes in network device settings, potentially disrupting network operations or compromising device security.