* Last Update: 07/04/2026
* Affected products:
→ Hirschmann HiOS (RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, RED) versions: 05.0.07 and lower; 06.1.04 and lower; 06.2.00
→ Hirschmann HiSecOS (EAGLE) versions: 03.0.02 and lower
* Type: CWE-287: Improper Authentication
* CVE/CVSS:
- CVE-2018-25236: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Hirschmann HiOS and HiSecOS (products including RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, RED, and EAGLE) are network operating systems used in industrial and enterprise routing, switching, and security appliances. This authentication bypass vulnerability in the HTTP(S) management module allows unauthenticated remote attackers to gain administrative access by sending specially crafted HTTP requests.
The impact to confidentiality, integrity, and availability is high. Exploitation could allow unauthorized control of network infrastructure, interception of network traffic, and denial of service across connected environments, potentially causing severe consequences in operational technology settings, where these appliances are commonly deployed.
There is no evidence of exploitation in the wild. However, the combination of high severity and relative ease of exploitation makes this a high-priority risk.
This weakness allows attackers to conduct the following:
* Delivery - The attacker sends a crafted HTTP(S) request targeting the management interface of a vulnerable Hirschmann HiOS/HiSecOS device.
* Authentication Bypass - Due to improper handling of authentication status, the device fails to enforce credential checks on the management module. Specially formed requests can trick the device into treating the attacker as a previously authenticated user.
* Execute / Post-Compromise - With administrative access granted without valid credentials, the attacker can interact with the management interface with full privileges.
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
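To prioritise patching, an asset inventory can be triaged against the affected versions listed above. The following is an added example, not code from the CCB or the vendor. It assumes a CSV inventory with hypothetical columns `hostname`, `os_family` and `version`, and it reads each "and lower" bound literally as an inclusive upper bound, which is the conservative reading.

```python
import csv
import io
import re

# Affected ranges copied from this advisory. Each "and lower" bound is read
# literally as an inclusive upper bound (assumption; conservative reading).
AFFECTED = {
    "hios": {"max_inclusive": ["05.0.07", "06.1.04"], "exact": ["06.2.00"]},
    "hisecos": {"max_inclusive": ["03.0.02"], "exact": []},
}
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")

def parse_version(text):
    """Return (major, minor, patch) as ints, or None if not in NN.N.NN form."""
    match = VERSION_RE.match(text.strip())
    return tuple(int(part) for part in match.groups()) if match else None

def classify(os_family, version_text):
    """Return 'affected', 'not_listed', 'unknown_os' or 'unparsed_version'."""
    rules = AFFECTED.get(os_family.strip().lower())
    if rules is None:
        return "unknown_os"
    version = parse_version(version_text)
    if version is None:
        return "unparsed_version"  # never silently treat bad data as safe
    if any(version <= parse_version(bound) for bound in rules["max_inclusive"]):
        return "affected"
    if any(version == parse_version(exact) for exact in rules["exact"]):
        return "affected"
    return "not_listed"

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = """hostname,os_family,version
sw-line1,HiOS,05.0.07
sw-line2,HiOS,06.1.05
sw-line3,HiOS,06.2.00
fw-cell1,HiSecOS,03.0.02
fw-cell2,HiSecOS,03.1.00
sw-lab,HiOS,v7-beta
"""

def triage(csv_text):
    """Map hostname -> classification for every row of the inventory CSV."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row["hostname"]: classify(row["os_family"], row["version"]) for row in reader}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

A `not_listed` result only means the version falls outside the ranges in this advisory; rows marked `unparsed_version` or `unknown_os` need manual review before they are treated as unaffected.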
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via https://ccb.belgium.be/cert/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.