Belden disclosed a high-severity privilege-escalation vulnerability, CVE-2023-7342, in the HiSecOS web server that allows authenticated users with operator or auditor roles to obtain administrator privileges by sending specially crafted packets. Successful exploitation can give an attacker full administrative control of the affected device, raising the risk of unauthorized configuration changes and broader compromise in environments that rely on the platform.
A related CVE entry, CVE-2023-7343, was published alongside the advisory stream and references a Belden security bulletin, but the available record appears to repeat the HiSecOS privilege-escalation details rather than clearly describing the separate issue named in its title. Both entries were published with CVSS v3.1 and CVSS v4.0 scoring metadata and CWE-269 classification, indicating Belden customers should review the vendor advisories closely to identify affected products and apply any recommended mitigations or updates.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
3 events from the most recent confirmed update back to the earliest known activity.
A CVE entry for CVE-2023-7343 was published with a reference to a Belden security bulletin and severity metadata including CWE and CVSS vectors. The synopsis labels it as affecting Belden Industrial HiVision, though the provided description appears inconsistent and repeats HiSecOS privilege-escalation details.
A CVE entry describes a privilege escalation flaw in the Belden HiSecOS web server that allows authenticated operator or auditor users to escalate to administrator by sending specially crafted packets. Successful exploitation could grant full administrative access to the affected device.
The vulnerability history for CVE-2023-7342 and CVE-2023-7343 indicates the records were newly received by disclosure@vulncheck.com. The entries reference Belden advisories and classify the issues as high-severity vulnerabilities affecting Belden products.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
2 references tracked. Mallory keeps watching after this page renders.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.