CVE-2023-7342
Received Received - Intake
Privilege Escalation in HiSecOS Web Server Allows Admin Access

Publication date: 2026-04-02

Last updated on: 2026-04-02

Assigner: VulnCheck

Description
HiSecOS web server versions 03.4.00 prior to 04.1.00 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administrator role by sending specially crafted packets to the web server. Attackers can exploit this flaw to gain full administrative access to the affected device.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-02
Last Modified
2026-04-02
Generated
2026-06-16
AI Q&A
2026-04-03
EPSS Evaluated
2026-06-15
NVD
CVE-2023-7342
EUVD
EUVD-2023-60544
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
hirschmann hisecos_eagle From 03.4.00 (inc) to 04.0.xx (inc)
hirschmann hisecos_eagle 04.1.00
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-269 The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify how the CVE-2023-7342 vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2023-7342 is a privilege escalation vulnerability in the HiSecOS web server used in Hirschmann EAGLE devices. Authenticated users with operator or auditor roles can exploit this flaw by sending specially crafted packets to the web server, which allows them to escalate their privileges to the administrator role.

This means that users who normally have limited access can gain full administrative control over the affected device.

Impact Analysis

Exploiting this vulnerability allows an attacker to gain full administrative access to the affected device.

With administrative privileges, an attacker can control, modify, or disrupt the device's operations, potentially leading to unauthorized changes, data breaches, or denial of service.

Given the high CVSS scores (8.7 and 8.8), this vulnerability represents a severe security risk.

Mitigation Strategies

To mitigate the CVE-2023-7342 vulnerability, users should upgrade the Hirschmann HiSecOS EAGLE devices to version 04.1.00 or higher, as updates addressing this privilege escalation flaw are available.

Since the vulnerability allows authenticated users with operator or auditor roles to escalate privileges by sending specially crafted packets, restricting access to trusted users and monitoring for unusual privilege escalation attempts can also help reduce risk until the update is applied.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-7342. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart