CVE-2022-4987
Path Traversal in Hirschmann HiVision Enables Local Arbitrary Execution
Publication date: 2026-04-03
Last updated on: 2026-04-03
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hirschmann | industrial_hivision | to 08.1.04 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-426 | The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control. |
AI Powered Q&A
How can this vulnerability impact me?
This vulnerability can allow a local attacker to execute arbitrary code on the affected system. Because the malicious binary can run with elevated privileges, it may lead to unauthorized actions such as system compromise, data manipulation, or disruption of services.
Can you explain this vulnerability to me?
This vulnerability exists in Hirschmann Industrial HiVision versions prior to 08.1.04 and 08.2.00. It involves the execution of user-configured external applications where insufficient path sanitization allows a local attacker to place a malicious binary in the execution path. As a result, the malicious binary can be executed instead of the intended application.
The attacker can exploit this to run arbitrary binaries, potentially with elevated privileges depending on the context in which the external application runs.