CVE-2022-4986
Denial-of-Service in Hirschmann EagleSDV via TLS 1.0/1.1 Sessions
Publication date: 2026-04-02
Last updated on: 2026-04-03
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hirschmann | eaglesdv | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
Hirschmann EagleSDV contains a denial-of-service vulnerability that causes the device to crash during session establishment when using TLS 1.0 or TLS 1.1.
Attackers can exploit this vulnerability by initiating TLS connections with these older protocol versions, which disrupts the device's service availability.
How can this vulnerability impact me? :
This vulnerability can impact you by causing denial of service on the Hirschmann EagleSDV device.
An attacker can trigger a crash by initiating TLS connections using TLS 1.0 or TLS 1.1, which disrupts the availability of the device and any services relying on it.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, avoid using TLS 1.0 or TLS 1.1 when establishing sessions with Hirschmann EagleSDV devices prior to version 05.4.02, as these protocol versions can trigger a denial-of-service crash.
Upgrading the device firmware to version 05.4.02 or later will resolve the issue.