Hirschmann disclosed a critical vulnerability, tracked as CVE-2018-25236, in the HTTP(S) management module of multiple HiOS and HiSecOS product lines, including RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, RED, and EAGLE. The flaw allows an unauthenticated remote attacker to send specially crafted HTTP requests and gain administrative access to affected devices without valid credentials.
The issue stems from improper authentication handling that can cause a new request to inherit the authentication state and privileges of a previously authenticated user. Belgium's Centre for Cybersecurity (CCB) issued a warning describing the bug as critical and urged organizations using affected Hirschmann industrial networking products to patch immediately to prevent unauthorized takeover of device management interfaces.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
2 events from the most recent confirmed update back to the earliest known activity.
The Centre for Cybersecurity Belgium published an advisory warning that CVE-2018-25236 affects multiple Hirschmann HiOS/HiSecOS products and enables unauthenticated remote administrative access. The agency urged organizations to patch affected systems immediately.
Hirschmann disclosed a critical authentication bypass vulnerability in the HTTP(S) management module affecting multiple HiOS and HiSecOS product lines, including RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, RED, and EAGLE. The flaw allows unauthenticated remote attackers to gain administrative access by sending crafted HTTP requests that inherit a previously authenticated user's privileges.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
2 references tracked. Mallory keeps watching after this page renders.
ccb.belgium.be
Open sourcecvefeed.io
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.