CVE-2017-20238 HIGH

CVE-2017-20238: Hirschmann Industrial HiVision Improper Authorization Privilege Escalation

Vendor Belden
Product Hirschmann Industrial HiVision
Weakness CWE-285
Published April 3, 2026
Last update May 25, 2026
View on NVD All CVEs

CVSS base score

7.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

What the vulnerability does

01Description

Hirschmann Industrial HiVision versions 06.0.00 and 07.0.00 prior to 06.0.06 and 07.0.01 contains an improper authorization vulnerability that allows read-only users to gain write access to managed devices by bypassing access control mechanisms. Attackers can exploit alternative interfaces such as the web interface or SNMP browser to modify device configurations despite having restricted permissions.

Key dates

02Disclosure timeline

April 3, 2026 CVE published
May 25, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-22022 Apache Solr: Unauthorized bypass of certain "predefined permission" rules in the RuleBasedAuthorizationPlugin CVE-2025-64655 Dynamics OmniChannel SDK Storage Containers Elevation of Privilege Vulnerability CVE-2023-3899 Subscription-manager: inadequate authorization of com.redhat.rhsm1 d-bus interface allows local users to modify configuration CVE-2024-26193 Azure Migrate Remote Code Execution Vulnerability CVE-2025-9294 Quiz And Survey Master <= 10.3.1 - Missing Authorization to Authenticated (Subscriber+) Quiz Results Deletion