CVE-2024-14033
Awaiting Analysis
Awaiting Analysis - Queue
Heap Overflow in Hirschmann HiLCOS Web Interface Causes DoS
Vulnerability report for CVE-2024-14033, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-04-02
Last updated on: 2026-05-26
Assigner: VulnCheck
Description
Description
Hirschmann EagleSDV firmware prior to 05.4.02 contains a denial-of-service vulnerability in TLS session establishment. Attackers can crash the device during TLS handshake by exploiting protocol downgrades to TLS 1.0 or TLS 1.1, interrupting service availability.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hirschmann | hilcos | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |