CVE-2018-25236
Authentication Bypass in Hirschmann HiOS HTTP(S) Management Module
Publication date: 2026-04-03
Last updated on: 2026-04-03
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hirschmann | hios | * |
| hirschmann | hisecos | * |
| hirschmann | rsp | * |
| hirschmann | rspe | * |
| hirschmann | rsps | * |
| hirschmann | rspl | * |
| hirschmann | msp | * |
| hirschmann | ees | * |
| hirschmann | eesx | * |
| hirschmann | grs | * |
| hirschmann | os | * |
| hirschmann | red | * |
| hirschmann | eagle | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Hirschmann HiOS and HiSecOS products' HTTP(S) management module. It is an authentication bypass flaw that allows unauthenticated remote attackers to gain administrative access by sending specially crafted HTTP requests.
The issue arises from improper authentication handling, enabling attackers to obtain the authentication status and privileges of a previously authenticated user without needing valid credentials.
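The following is an added illustration of the CWE-287 pattern the answer above describes, not code from HiOS or from Hirschmann, and the device's real session mechanism is not documented on this page. The hypothetical `VulnerableManagementModule` authorizes a request by asking only "has anyone logged in?", so an unauthenticated client inherits the last operator's privileges; the `HardenedManagementModule` binds every request to its own random session token, stores the principal server-side, and expires it. All names, credentials and requests are constructed for the example.

```python
"""Added example: device-global login state vs per-session tokens (CWE-287).
Hypothetical code, not the HiOS implementation."""
import hmac
import secrets
import time

# Constructed sample credential store; a real device would keep a password hash.
ADMIN_USERS = {"admin": "correct horse battery staple"}


class VulnerableManagementModule:
    """Tracks login as a single global flag. Any later request, from any
    client, is served with the privileges of whoever authenticated last."""

    def __init__(self):
        self.logged_in_user = None

    def login(self, user, password):
        if ADMIN_USERS.get(user) == password:
            self.logged_in_user = user
            return True
        return False

    def handle(self, request):
        # No credential belonging to *this* request is ever checked.
        if request.get("path") == "/admin" and self.logged_in_user is not None:
            return 200, f"admin console (acting as {self.logged_in_user})"
        return 401, "unauthorized"


class HardenedManagementModule:
    """Issues a random session token per login and authorizes each request
    only by the principal bound to the token that request presents."""

    SESSION_TTL = 600  # seconds of validity per login (assumed value)

    def __init__(self, now=time.time):
        self.sessions = {}  # token -> (user, expiry)
        self.now = now  # injectable clock so expiry can be exercised in tests

    def login(self, user, password):
        stored = ADMIN_USERS.get(user)
        # constant-time compare avoids leaking the secret via timing
        if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
            return None
        token = secrets.token_hex(32)  # 256 bits from the OS CSPRNG
        self.sessions[token] = (user, self.now() + self.SESSION_TTL)
        return token

    def _principal(self, token):
        """Return the user bound to a valid, unexpired token, else None."""
        if not token:
            return None
        for stored_token, (user, expiry) in self.sessions.items():
            if hmac.compare_digest(stored_token, token):
                if self.now() < expiry:
                    return user
                del self.sessions[stored_token]  # safe: we return right after
                return None
        return None

    def handle(self, request):
        user = self._principal(request.get("cookie"))
        if request.get("path") == "/admin" and user is not None:
            return 200, f"admin console (acting as {user})"
        return 401, "unauthorized"


def demo():
    """Replays the advisory scenario: an operator logs in, then an attacker
    with no credentials sends a request to the same management endpoint."""
    attacker_request = {"path": "/admin"}  # constructed: no cookie, no credentials

    vuln = VulnerableManagementModule()
    vuln.login("admin", ADMIN_USERS["admin"])
    vulnerable_unauth, _ = vuln.handle(attacker_request)

    hard = HardenedManagementModule()
    operator_token = hard.login("admin", ADMIN_USERS["admin"])
    hardened_unauth, _ = hard.handle(attacker_request)
    hardened_operator, _ = hard.handle({"path": "/admin", "cookie": operator_token})
    hardened_forged, _ = hard.handle({"path": "/admin", "cookie": "0" * 64})

    return {
        "vulnerable_unauth": vulnerable_unauth,  # 200: attacker rides the operator's login
        "hardened_unauth": hardened_unauth,      # 401
        "hardened_operator": hardened_operator,  # 200
        "hardened_forged": hardened_forged,      # 401
    }


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

The point of the hardened version is not the token format but where the authorization decision looks: at state reachable only through a secret the requesting client proved it holds, never at device-wide state left behind by someone else's session.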
How can this vulnerability impact me?
An attacker exploiting this vulnerability can gain administrative access to affected Hirschmann devices remotely without authentication.
This can lead to unauthorized control over the device, potentially allowing the attacker to change configurations, disrupt network operations, or access sensitive information.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
Because the flaw gives an unauthenticated remote attacker administrative control of an affected Hirschmann HiOS or HiSecOS device, it undermines the access controls that regulations such as GDPR and HIPAA require for systems that carry or protect sensitive data.
An attacker with that level of control can expose, modify, or delete such data, or reconfigure the network it traverses, so organizations running unpatched devices may be unable to demonstrate compliance.
A resulting data breach could violate data protection requirements and bring legal and financial consequences.