Hirschmann Automation and Control HiOS and HiSecOS Products
Act Now9.8ICS-CERT ICSA-20-091-01Mar 31, 2020
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary
A buffer overflow vulnerability in the HTTP/HTTPS server of Hirschmann HiOS and HiSecOS products allows an unauthenticated remote attacker to overflow a buffer and fully compromise the device, potentially leading to arbitrary code execution. The vulnerability affects EAGLE20/30 running HiSecOS (version 03.2.00) and RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, RED devices running HiOS (version 07.0.02 and earlier). No public exploits are currently known.
What this means
What could happen
An unauthenticated attacker on the network could exploit a buffer overflow to run arbitrary code on affected Hirschmann switches and controllers, potentially disrupting network communication, stealing data, or triggering unsafe control actions.
Who's at risk
This affects Hirschmann Automation network switches and controllers (EAGLE20/30, RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, RED) used in manufacturing, utilities, and critical infrastructure environments. The devices are typically deployed in network core or edge positions where they interconnect PLCs, RTUs, and field devices. Compromise could disrupt network availability and enable lateral movement to control systems.
How it could be exploited
An attacker sends a specially crafted HTTP or HTTPS request to the device's web server. The malicious request exploits a buffer overflow in the input handling, allowing the attacker to overwrite memory and inject code that executes with device privileges. No authentication is required.
Prerequisites
- Network access to the device on HTTP (port 80) or HTTPS (port 443)
- HTTP or HTTPS server enabled on the device (default configuration)
Remotely exploitableNo authentication requiredLow complexityBuffer overflow vulnerabilityCritical CVSS score (9.8)No patch available for EAGLE20/30 HiSecOS
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (2)
2 pending
ProductAffected VersionsFix Status
EAGLE20/30: HiSecOS03.2.00No fix yet
RSP RSPE RSPS RSPL MSP EES EES EESX GRS OS RED: HiOS≤ HiOS 07.0.02No fix yet
Remediation & Mitigation
0/6
Do now
0/2WORKAROUNDDisable HTTP and HTTPS server on the device if remote web access is not required
WORKAROUNDUse the IP Access Restriction feature to limit HTTP and HTTPS access to trusted management IP addresses only
Schedule — requires maintenance window
0/2Patching may require device reboot — plan for process interruption
HOTFIXUpdate HiOS products to Version 07.0.03 or higher
HOTFIXUpdate HiSecOS products to Version 03.3.00 or higher
Long-term hardening
0/2HARDENINGIsolate industrial network segment from corporate network using firewall and network segmentation
HARDENINGEnsure devices are not directly exposed to the Internet; use VPN for remote access if required
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/7793263c-9419-49e0-a85a-9331d7bc5b16