Hirschmann hios

This hub aggregates every CVE we track for Hirschmann hios, a product in the networking infrastructure space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Hirschmann hios.

• CVE-2018-25236Hirschmann HiOS HiSecOS Authentication Bypass via HTTP Management9.8Apr 3, 2026
• CVE-2020-37216Hirschmann HiOS EtherNet/IP Stack Denial of Service7.5Apr 3, 2026
• CVE-2021-27734Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSecOS 03.3.00 through 03.5.01 allow remote attackers to change the credentials of existing users.9.8May 17, 2021
• CVE-2020-9307Hirschmann OS2, RSP, and RSPE devices before HiOS 08.3.00 allow a denial of service. An unauthenticated, adjacent attacker can cause an infinite loop on one of the HSR ring ports of the device. Thi...6.5Feb 11, 2021
• CVE-2020-6994A buffer overflow vulnerability was found in some devices of Hirschmann Automation and Control HiOS and HiSecOS. The vulnerability is due to improper parsing of URL arguments. An attacker could exp...9.8Apr 3, 2020
• BDU:2020-01268Уязвимость модуля управления HTTP(S) программного обеспечения коммутатора Belden Hirschmann HiOS и Belden Hirschmann HiSecOS, позволяющая нарушителю получить несанкционированный доступ к конфендициальной информации8.1Mar 26, 2020
• CVE-2019-12262Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Control in the RARP client component. IPNET security vulnerability: Handling of unsolicited Reverse ARP replies (Logical Flaw).9.8Aug 14, 2019
• CVE-2019-12261Wind River VxWorks 6.7 though 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion during connect() to ...9.8Aug 9, 2019
• CVE-2019-12260Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion caused by a malformed TCP AO op...9.8Aug 9, 2019
• CVE-2019-12258Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. This is a IPNET security vulnerability: DoS of TCP connection via malformed TCP options.7.5Aug 9, 2019
• CVE-2019-12255Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). This is a IPNET security vulnerability: TCP Urgent Pointer = 0 that leads to an integer underflow.9.8Aug 9, 2019
• CVE-2019-12265Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. There is an IPNET security vulnerability: IGMP Information leak via IGMPv3 specific membersh...5.3Aug 9, 2019
• CVE-2019-12263Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due to race condition.8.1Aug 9, 2019
• CVE-2019-12259Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error in the IGMPv3 client component. There is an IPNET security vulnerability: DoS via NULL dereference in IGMP parsing.7.5Aug 9, 2019
• CVE-2019-12256Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnerability: Stack overflow in the parsing of IPv4 packets’ IP options.9.8Aug 9, 2019