Hirschmann Hios Security Vulnerabilities and Issues — Hirschmann Hios CVE List

Lucene search

BeldenHirschmann Hios

14 matches found

CVE•added 2019/08/09 8:15 p.m.•273 views

CVE-2019-12255

Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). This is a IPNET security vulnerability: TCP Urgent Pointer = 0 that leads to an integer underflow.

9.8CVSS9.3AI score0.82379EPSS

CVE•added 2019/08/09 8:15 p.m.•258 views

CVE-2019-12258

Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. This is a IPNET security vulnerability: DoS of TCP connection via malformed TCP options.

7.5CVSS8.4AI score0.15025EPSS

CVE•added 2019/08/09 9:15 p.m.•252 views

CVE-2019-12261

Wind River VxWorks 6.7 though 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion during connect() to a remote host.

9.8CVSS9.2AI score0.17176EPSS

CVE•added 2019/08/09 9:15 p.m.•207 views

CVE-2019-12260

Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion caused by a malformed TCP AO option.

9.8CVSS9.3AI score0.26195EPSS

CVE•added 2019/08/09 7:15 p.m.•192 views

CVE-2019-12263

Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due to race condition.

8.1CVSS8.7AI score0.01422EPSS

CVE•added 2019/08/09 7:15 p.m.•168 views

CVE-2019-12259

Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error in the IGMPv3 client component. There is an IPNET security vulnerability: DoS via NULL dereference in IGMP parsing.

7.5CVSS8.5AI score0.30047EPSS

CVE•added 2019/08/09 7:15 p.m.•146 views

CVE-2019-12265

Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. There is an IPNET security vulnerability: IGMP Information leak via IGMPv3 specific membership report.

5.3CVSS7AI score0.16528EPSS

CVE•added 2019/08/09 6:15 p.m.•138 views

CVE-2019-12257

Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: Heap overflow in DHCP Offer/ACK parsing inside ipdhcpc.

8.8CVSS9.3AI score0.15358EPSS

CVE•added 2019/08/09 6:15 p.m.•134 views

CVE-2019-12256

Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnerability: Stack overflow in the parsing of IPv4 packets’ IP options.

9.8CVSS9.5AI score0.17708EPSS

CVE•added 2019/08/14 8:15 p.m.•118 views

CVE-2019-12262

Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Control in the RARP client component. IPNET security vulnerability: Handling of unsolicited Reverse ARP replies (Logical Flaw).

9.8CVSS9.3AI score0.00421EPSS

CVE•added 2020/04/03 7:15 p.m.•114 views

CVE-2020-6994

A buffer overflow vulnerability was found in some devices of Hirschmann Automation and Control HiOS and HiSecOS. The vulnerability is due to improper parsing of URL arguments. An attacker could exploit this vulnerability by specially crafting HTTP requests to overflow an internal buffer. The follow...

9.8CVSS9.5AI score0.00052EPSS

CVE•added 2019/08/05 6:15 p.m.•101 views

CVE-2019-12264

Wind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has Incorrect Access Control in IPv4 assignment by the ipdhcpc DHCP client component.

7.1CVSS8.2AI score0.00284EPSS

CVE•added 2021/02/11 9:15 p.m.•43 views

CVE-2020-9307

Hirschmann OS2, RSP, and RSPE devices before HiOS 08.3.00 allow a denial of service. An unauthenticated, adjacent attacker can cause an infinite loop on one of the HSR ring ports of the device. This effectively breaks the redundancy of the HSR ring. If the attacker can perform the same attack on a ...

6.5CVSS6.5AI score0.00036EPSS

CVE•added 2021/05/17 3:15 p.m.•43 views

CVE-2021-27734

Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSecOS 03.3.00 through 03.5.01 allow remote attackers to change the credentials of existing users.

9.8CVSS9.4AI score0.00118EPSS