CVE-2024-14034— Hirschmann HiEOS Authentication Bypass via HTTP Management Module
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-14034
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Hirschmann HiEOS Authentication Bypass via HTTP Management Module
Source: NVD (National Vulnerability Database)
Vulnerability Description
Hirschmann HiEOS devices versions prior to 01.1.00 contain an authentication bypass vulnerability in the HTTP(S) management module that allows unauthenticated remote attackers to gain administrative access by sending specially crafted HTTP(S) requests. Attackers can exploit improper authentication handling to obtain elevated privileges and perform unauthorized actions including configuration download or upload and firmware modification.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
认证机制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Belden Hirschmann HiEOS LRS11 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Belden Hirschmann HiEOS LRS11是美国Belden公司的一款工业以太网交换机操作系统平台。 Belden Hirschmann HiEOS LRS11 01.1.00之前版本存在安全漏洞,该漏洞源于HTTP(S)管理模块身份验证处理不当,可能导致未经身份验证的远程攻击者获得管理访问权限。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Belden | Hirschmann HiEOS LRS11 | 0 ~ 01.1.00 | - |
II. Public POCs for CVE-2024-14034
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-14034
请登录查看更多情报信息。
Same Patch Batch · Belden · 2026-04-02 · 6 CVEs total
| CVE-2025-15620 | 9.3 CRITICAL | HiOS Switch Platform Denial-of-Service via Web Interface |
| CVE-2023-7342 | 8.8 HIGH | Belden HiSecOS Web Server Privilege Escalation |
| CVE-2023-7343 | 7.8 HIGH | Belden Industrial HiVision Arbitrary Code Execution via Malicious Project File |
| CVE-2024-14033 | 7.5 HIGH | Hirschmann EagleSDV Denial of Service via TLS |
| CVE-2022-4986 | 7.5 HIGH | Hirschmann EagleSDV Denial of Service via TLS |
IV. Related Vulnerabilities
Same vendor: Belden
- CVE-2017-20234
GarrettCom Magnum 6K and 10K Authentication Bypass via Hardc - CVE-2017-20233
Hirschmann HiLCOS Layer-2 Firewall Multicast Broadcast Traff - CVE-2018-25236
Hirschmann HiOS HiSecOS Authentication Bypass via HTTP Manag - CVE-2021-4477
Hirschmann HiLCOS OpenBAT BAT450 IPv6 IPsec Firewall Bypass - CVE-2017-20238
Hirschmann Industrial HiVision Improper Authorization Privil
Same weakness: CWE-287
- CVE-2026-8244
Industrial Application Software IAS Canias ERP Login RMI imp - CVE-2026-8216
Industrial Application Software IAS Canias ERP Java RMI Sess - CVE-2026-8214
Industrial Application Software IAS Canias ERP RMI doAction - CVE-2026-42560
auth: Patreon provider assigns the same local user ID to eve - CVE-2026-41070
openvpn-auth-oauth2 returns FUNC_SUCCESS on client-deny, all
V. Comments for CVE-2024-14034
No comments yet