CVE-2024-14034
Authentication Bypass in Hirschmann HiEOS HTTP(S) Management Module
Publication date: 2026-04-02
Last updated on: 2026-04-03
Assigner: VulnCheck
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hirschmann | hieos_lrs11 | all versions before 01.1.00 (01.1.00 excluded) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows unauthenticated remote attackers to gain administrative access to Hirschmann HiEOS devices, enabling unauthorized configuration changes and firmware modifications.
Such unauthorized access and control over critical network devices can lead to data breaches, unauthorized data processing, and compromise of system integrity, which may violate compliance requirements under standards like GDPR and HIPAA that mandate strict access controls and protection of sensitive data.
Therefore, failure to patch this vulnerability promptly could result in non-compliance with these regulations due to increased risk of unauthorized access and potential data exposure.
Can you explain this vulnerability to me?
CVE-2024-14034 is a critical vulnerability in the HTTP(S) management module of Hirschmann HiEOS LRS11 devices (versions below 01.1.00).
It allows unauthenticated remote attackers to bypass the web server authentication by sending specially crafted HTTP(S) requests that exploit improper handling of authentication status and privileges.
Successful exploitation grants administrative access to the attacker.
This enables unauthorized actions such as configuration download or upload and firmware modification.
How can this vulnerability impact me?
This vulnerability can have severe impacts as it allows unauthenticated remote attackers to gain administrative access to Hirschmann HiEOS devices.
Attackers can perform unauthorized actions including downloading or uploading device configurations and modifying firmware.
Such actions can lead to device compromise, disruption of network operations, and potential further exploitation within the affected environment.
What immediate steps should I take to mitigate this vulnerability?
To mitigate CVE-2024-14034, it is advised to promptly apply the security updates released by Belden for Hirschmann HiEOS LRS11 devices.
These updates address the authentication bypass vulnerability in the HTTP(S) management module that allows unauthenticated remote attackers to gain administrative access.