Description
Hirschmann HiOS devices versions prior to 08.1.00 and 07.1.01 contain a denial of service vulnerability in the EtherNet/IP stack where improper handling of packet length fields allows remote attackers to crash or hang the device. Attackers can send specially crafted UDP EtherNet/IP packets with a length value larger than the actual packet size to render the device inoperable.
Published: 2026-04-03
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

The vulnerability resides in the EtherNet/IP stack of Hirschmann HiOS devices. The stack does not validate the length field of the EtherNet/IP encapsulation header against the size of the UDP datagram actually received, so a remote attacker can send a packet whose declared length exceeds its real payload and cause the stack to crash or hang. The result is a denial of service that leaves the device inoperable until it is restarted. The weakness is classified as CWE-20 (Improper Input Validation).
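The missing check, shown as an added example written for this page (it is not Hirschmann or HiOS code, whose implementation is not public). The 24-byte little-endian encapsulation header layout follows the ODVA EtherNet/IP specification; the function names, the trusting/checked split and the three sample datagrams are this example's own constructions. The trusting variant returns whatever length the packet declares, which is the CWE-20 shape the advisory describes; the checked variant rejects any datagram whose declared length exceeds the bytes that arrived.

```c
/*
 * Added example (not HiOS code): EtherNet/IP encapsulation-header handling
 * that trusts the declared length, beside the check that rejects a length
 * larger than the datagram actually carries. Header layout (24 bytes,
 * little-endian) is from the ODVA EtherNet/IP specification; function and
 * sample names are this example's own.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ENIP_HDR_LEN 24u   /* fixed encapsulation header size */

struct enip_hdr {
    uint16_t command;       /* e.g. 0x0063 ListIdentity */
    uint16_t length;        /* declared byte count of data after the header */
    uint32_t session;
    uint32_t status;
    uint8_t  sender_ctx[8];
    uint32_t options;
};

static uint16_t rd16le(const uint8_t *p) {
    return (uint16_t)(p[0] | ((unsigned)p[1] << 8));
}
static uint32_t rd32le(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Decode the fixed header; -1 if fewer than 24 bytes were received. */
static int enip_parse_hdr(const uint8_t *pkt, size_t pkt_len, struct enip_hdr *h) {
    if (pkt == NULL || pkt_len < ENIP_HDR_LEN) return -1;
    h->command = rd16le(pkt);
    h->length  = rd16le(pkt + 2);
    h->session = rd32le(pkt + 4);
    h->status  = rd32le(pkt + 8);
    memcpy(h->sender_ctx, pkt + 12, 8);
    h->options = rd32le(pkt + 20);
    return 0;
}

/*
 * VULNERABLE shape (CWE-20, as the advisory describes): the declared length
 * is returned as the amount of data to process without comparing it with
 * pkt_len. A caller that copies or walks that many bytes reads past the
 * datagram buffer. Returns the trusted length, 0 on a short header.
 */
static size_t enip_data_len_trusting(const uint8_t *pkt, size_t pkt_len) {
    struct enip_hdr h;
    if (enip_parse_hdr(pkt, pkt_len, &h) != 0) return 0;
    return h.length;
}

/*
 * HARDENED: the declared length may not exceed the bytes actually received
 * after the header. Returns the usable data length, or (size_t)-1 to tell the
 * caller to drop (and log) the datagram. A stricter stack would require
 * equality rather than tolerating trailing bytes.
 */
static size_t enip_data_len_checked(const uint8_t *pkt, size_t pkt_len,
                                    struct enip_hdr *out) {
    struct enip_hdr h;
    if (enip_parse_hdr(pkt, pkt_len, &h) != 0) return (size_t)-1;
    size_t actual = pkt_len - ENIP_HDR_LEN;   /* safe: pkt_len >= 24 here */
    if ((size_t)h.length > actual) return (size_t)-1;
    if (out) *out = h;
    return h.length;
}

/* Constructed samples (not captured traffic). */
/* 1) ListIdentity request, length 0, nothing after the header: well formed. */
static const uint8_t sample_good[24] = {
    0x63, 0x00, 0x00, 0x00, 0, 0, 0, 0, 0, 0, 0, 0,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
/* 2) Header declaring 4 data bytes, followed by exactly 4 bytes: well formed. */
static const uint8_t sample_with_data[28] = {
    0x63, 0x00, 0x04, 0x00, 0, 0, 0, 0, 0, 0, 0, 0,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    0xAA, 0xBB, 0xCC, 0xDD
};
/* 3) The crafted case: 24-byte datagram whose length field says 1024 (0x0400). */
static const uint8_t sample_bad[24] = {
    0x63, 0x00, 0x00, 0x04, 0, 0, 0, 0, 0, 0, 0, 0,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};

int main(void) {
    size_t bad_checked = enip_data_len_checked(sample_bad, sizeof sample_bad, NULL);
    printf("good: trusting=%zu checked=%zu\n",
           enip_data_len_trusting(sample_good, sizeof sample_good),
           enip_data_len_checked(sample_good, sizeof sample_good, NULL));
    printf("bad:  trusting=%zu checked=%s\n",
           enip_data_len_trusting(sample_bad, sizeof sample_bad),
           bad_checked == (size_t)-1 ? "dropped" : "accepted");
    return 0;
}
```

The same checked function can be run over UDP/44818 payloads from a capture to flag datagrams of the crafted shape before they reach an unpatched switch.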

Affected Systems

Devices running Belden Hirschmann HiOS firmware earlier than 08.1.00 or earlier than 07.1.01 are affected. HiOS is the operating system of Hirschmann's managed industrial Ethernet switches; the page lists the product only as Belden Hirschmann HiOS, not by model.

Risk and Exploitability

The flaw carries a CVSS v4.0 base score of 8.7 (v3.1: 7.5), high severity, and an EPSS score below 1%. It is triggered over the network without authentication or user interaction by sending crafted UDP packets to the standard EtherNet/IP port (UDP 44818), so any device that accepts EtherNet/IP from an untrusted segment faces a realistic risk of interruption. The issue is not currently listed in CISA's KEV catalog.

Generated by OpenCVE AI on April 3, 2026 at 23:53 UTC.

Remediation

The advisory feed lists no vendor fix or workaround. The CVE description names 08.1.00 and 07.1.01 as the first unaffected versions, so updating to those releases or later is the expected remediation.

OpenCVE Recommended Actions

  • Identify all Hirschmann HiOS devices with firmware versions earlier than 08.1.00 or 07.1.01.
  • Verify current firmware versions and compare against vendor’s affected list.
  • Update to HiOS 08.1.00 or 07.1.01 (or later), the first versions the CVE description lists as unaffected; download the release from the vendor's support portal and apply it following the official procedures.
  • Until the update is applied, isolate the affected devices from untrusted networks or block UDP port 44818 using network controls.
  • Monitor device logs for crashes, reboots or hangs that may indicate exploitation attempts, and watch for UDP/44818 traffic reaching the devices from hosts that have no EtherNet/IP role.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 00:00:00 +0000

Type: First Time appeared
  Added: Belden; Belden hirschmann Hios
Type: Vendors & Products
  Added: Belden; Belden hirschmann Hios

Sat, 04 Apr 2026 05:00:00 +0000

Type: Metrics
  Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 03 Apr 2026 21:30:00 +0000

Type: Description
  Removed: Hirschmann Industrial HiVision versions 08.1.03 prior to 08.1.04 and 08.2.00 contains an untrusted search path vulnerability that allows local attackers to execute arbitrary binaries by placing a malicious binary in the path of a configured external application. Attackers can exploit insufficient path sanitization to cause the execution of a malicious binary instead of the intended application, potentially resulting in execution with elevated privileges.
  Added: Hirschmann HiOS devices versions prior to 08.1.00 and 07.1.01 contain a denial of service vulnerability in the EtherNet/IP stack where improper handling of packet length fields allows remote attackers to crash or hang the device. Attackers can send specially crafted UDP EtherNet/IP packets with a length value larger than the actual packet size to render the device inoperable.
Type: Title
  Removed: Hirschmann Industrial HiVision Untrusted Search Path Arbitrary Binary Execution
  Added: Hirschmann HiOS EtherNet/IP Stack Denial of Service
Type: Weaknesses
  Removed: CWE-426
  Added: CWE-20
Type: References
  Removed: (none listed)
  Added: (none listed)
Type: Metrics
  Removed: cvssV3_1 {'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}
  Removed: cvssV4_0 {'score': 8.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}
  Added: cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
  Added: cvssV4_0 {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


Fri, 03 Apr 2026 20:15:00 +0000

Type: Description
  Added: Hirschmann Industrial HiVision versions 08.1.03 prior to 08.1.04 and 08.2.00 contains an untrusted search path vulnerability that allows local attackers to execute arbitrary binaries by placing a malicious binary in the path of a configured external application. Attackers can exploit insufficient path sanitization to cause the execution of a malicious binary instead of the intended application, potentially resulting in execution with elevated privileges.
Type: Title
  Added: Hirschmann Industrial HiVision Untrusted Search Path Arbitrary Binary Execution
Type: Weaknesses
  Added: CWE-426
Type: References
  Added: (none listed)
Type: Metrics
  Added: cvssV3_1 {'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}
  Added: cvssV4_0 {'score': 8.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-04T03:23:19.214Z

Reserved: 2026-04-03T15:51:05.544Z

Link: CVE-2020-37216

Vulnrichment

Updated: 2026-04-04T03:23:13.641Z

NVD

Status : Awaiting Analysis

Published: 2026-04-03T21:17:08.213

Modified: 2026-04-07T13:20:55.200

Link: CVE-2020-37216

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-06T22:22:23Z

Weaknesses