CISA has published an advisory on a classic buffer overflow vulnerability in Hirschmann Automation and Control HiOS and HiSecOS Products. The following devices using HiOS Version 07.0.02 and lower are affected: RSP, RSPE, RSPS, RSPL, MSP, EES, EES, EESX, GRS, OS, RED. The following devices using HiSecOS Version 03.2.00 and lower are affected: EAGLE20/30. Successful exploitation of this vulnerability could allow an unauthenticated, remote attacker to overflow a buffer and fully compromise the device. Hirschmann recommends updating HiOS products to Version 07.0.03 or higher and HiSecOS products to Version 03.3.00 or higher. Hirschmann also recommends, as a workaround, users either use the “IP Access Restriction” feature to restrict HTTP and HTTPS to trusted IP addresses, or disable the HTTP and HTTPS server. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.
You are here
Related Resources
May 29, 2025 in Cybersecurity, in Security Preparedness
May 29, 2025 in Cybersecurity, in Federal & State Resources, in Security Preparedness
May 29, 2025 in Cybersecurity, in Federal & State Resources, in Security Preparedness