CVE-2024-14033— Hirschmann EagleSDV Denial of Service via TLS
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-14033
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Hirschmann EagleSDV Denial of Service via TLS
Source: NVD (National Vulnerability Database)
Vulnerability Description
Hirschmann Industrial IT products (BAT-R, BAT-F, BAT450-F, BAT867-R, BAT867-F, WLC, BAT Controller Virtual) contain a heap overflow vulnerability in the HiLCOS web interface that allows unauthenticated remote attackers to trigger a denial-of-service condition by sending specially crafted requests to the web interface. Attackers can exploit this heap overflow to crash the affected device and cause service disruption, particularly in configurations where the Public Spot functionality is enabled.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Belden Hirschmann EagleSDV 资源管理错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Belden Hirschmann EagleSDV是美国Belden公司的一款工业网络安全防火墙设备。 Belden Hirschmann EagleSDV存在资源管理错误漏洞,该漏洞源于HiLCOS Web接口存在堆溢出,可能导致未经身份验证的远程攻击者触发拒绝服务条件。以下型号受到影响:BAT-R、BAT-F、BAT450-F、BAT867-R、BAT867-F、WLC和BAT Controller Virtual。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Belden | Hirschmann EagleSDV | 0 ~ 05.4.01 | - |
II. Public POCs for CVE-2024-14033
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-14033
请登录查看更多情报信息。
Same Patch Batch · Belden · 2026-04-02 · 6 CVEs total
| CVE-2024-14034 | 9.8 CRITICAL | Hirschmann HiEOS Authentication Bypass via HTTP Management Module |
| CVE-2025-15620 | 9.3 CRITICAL | HiOS Switch Platform Denial-of-Service via Web Interface |
| CVE-2023-7342 | 8.8 HIGH | Belden HiSecOS Web Server Privilege Escalation |
| CVE-2023-7343 | 7.8 HIGH | Belden Industrial HiVision Arbitrary Code Execution via Malicious Project File |
| CVE-2022-4986 | 7.5 HIGH | Hirschmann EagleSDV Denial of Service via TLS |
IV. Related Vulnerabilities
Same vendor: Belden
- CVE-2017-20234
GarrettCom Magnum 6K and 10K Authentication Bypass via Hardc - CVE-2017-20233
Hirschmann HiLCOS Layer-2 Firewall Multicast Broadcast Traff - CVE-2018-25236
Hirschmann HiOS HiSecOS Authentication Bypass via HTTP Manag - CVE-2021-4477
Hirschmann HiLCOS OpenBAT BAT450 IPv6 IPsec Firewall Bypass - CVE-2017-20238
Hirschmann Industrial HiVision Improper Authorization Privil
Same weakness: CWE-400
- CVE-2026-8187
Open5GS UPF gtp-path.c _gtpv1_u_recv_cb resource consumption - CVE-2026-42343
FastGPT: Uncontrolled Resource Consumption leading to Sandbo - CVE-2026-42212
SolidCAM-GPPL-IDE: XML External Entity (XXE) and billion-lau - CVE-2026-32686
Unbounded exponent in decimal enables unauthenticated DoS - CVE-2026-20188
Cisco Crosswork Network Controller and Cisco Network Service
V. Comments for CVE-2024-14033
No comments yet