CVE-2023-7343
Awaiting Analysis Awaiting Analysis - Queue
Privilege Escalation in HiSecOS Web Server Allows Admin Access

Publication date: 2026-04-02

Last updated on: 2026-05-26

Assigner: VulnCheck

Description
Hirschmann Industrial HiVision versions 05.0.00 through 08.3.01 prior to 08.3.02 contain an arbitrary code execution vulnerability triggered when an administrator opens a maliciously crafted project file. Successful exploitation allows the attacker to execute code in the context of the HiVision process.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-02
Last Modified
2026-05-26
Generated
2026-06-16
AI Q&A
2026-04-03
EPSS Evaluated
2026-06-14
NVD
CVE-2023-7343
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
hirschmann_network_management industrial_hivision to 08.3.01 (inc)
hirschmann_network_management industrial_hivision 08.3.02
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-269 The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The CVE-2023-7343 vulnerability allows attackers to escalate privileges to administrator level, potentially compromising the confidentiality, integrity, and availability of the affected system.

Such a compromise can lead to unauthorized access and control over sensitive data and system functions, which may result in violations of compliance requirements under common standards and regulations like GDPR and HIPAA that mandate strict controls over data protection and system security.

Therefore, if exploited, this vulnerability could negatively impact an organization's ability to maintain compliance with these regulations by exposing sensitive information or disrupting critical services.

Executive Summary

The vulnerability in HiSecOS web server allows authenticated users with operator or auditor roles to escalate their privileges to the administrator role by sending specially crafted packets to the web server.

This means that an attacker who already has some level of access can exploit this flaw to gain full administrative access to the affected device.

Impact Analysis

Exploiting this vulnerability can give an attacker full administrative access to the affected device.

With administrator privileges, the attacker can control the device completely, potentially compromising the confidentiality, integrity, and availability of the system.

Mitigation Strategies

To mitigate the CVE-2023-7343 vulnerability, users should update Industrial HiVision software to version 08.3.02 or later, where the issue is resolved.

Avoid opening manipulated Industrial HiVision Project (IHP) files that could trigger execution of arbitrary scripts or binaries.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-7343. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart