CVE-2021-4477 - Vulnerability Details

- Hirschmann HiLCOS OpenBAT BAT450 IPv6 IPsec Firewall Bypass

Description

Hirschmann HiLCOS OpenBAT and BAT450 products contain a firewall bypass vulnerability in IPv6 IPsec deployments that allows traffic from VPN connections to bypass configured firewall rules. Attackers can exploit this vulnerability by establishing IPv6 IPsec connections (IKEv1 or IKEv2) while simultaneously using an IPv6 Internet connection to circumvent firewall policy enforcement.

Published: 2026-04-03

Score: 9.3 Critical

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

Hirschmann HiLCOS OpenBAT and BAT450 devices have a flaw that lets attackers avoid firewall configurations when they set up IPv6 IPsec VPN connections. The CVE allows an adversary to create IKEv1 or IKEv2 sessions that carry traffic directly into the protected network, effectively bypassing any packet filtering rules. This can expose internal hosts to undetected intrusion or data exfiltration because the firewall no longer sees the packets as originating from a prohibited source.

Affected Systems

Devices from Hirschmann under the HiLCOS OpenBAT line, including the BAT450 series. The vulnerability is present in all firmware versions of these models that still support IPv6 IPsec.

Risk and Exploitability

With a CVSS score of 9.3 the issue is considered critical. Exploitation requires only the ability to negotiate an IPv6 IPsec connection, which is typically achievable with remote network access and legitimate VPN credentials. Attackers can manipulate the connection parameters, so the exploit does not need privileged local access. The vulnerability is not listed in the CISA KEV catalog, and no EPSS score is available, but the high severity indicates a strong potential for real-world attacks.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Belden

Hirschmann HiLCOS OpenBAT

unaffected

Version	Status	Constraints
`3.80-REL`	affected	—
`8.90-REL`	affected	—
`9.00-REL`	affected	—
`9.00-RU1`	affected	—
`9.10-REL`	affected	—
`9.12-REL`	affected	—
`9.12-RU1`	affected	—
`9.12-RU2`	affected	—
`9.12-RU3`	affected	—
`9.12-RU4`	affected	—
`9.12-RU5`	affected	—
`9.12-RU6`	affected	—
`9.12-RU7`	affected	—
`9.12-RU8`	affected	—
`9.12-RU9`	affected	—
`9.13-REL`	affected	—
`9.13-RU1`	affected	—
`10.12-REL`	affected	—
`10.12-RU1`	affected	—
`10.12-RU2`	unaffected	—

No data.

Vendor Product Confidence Versions

Belden

Hirschmann Hilcos Openbat

100%

Version	Status	Scheme	Platform
`3.80-REL`	affected	generic	—
`8.90-REL`	affected	generic	—
`9.00-REL`	affected	generic	—
`9.00-RU1`	affected	generic	—
`9.10-REL`	affected	generic	—
`9.12-REL`	affected	generic	—
`9.12-RU1`	affected	generic	—
`9.12-RU2`	affected	generic	—
`9.12-RU3`	affected	generic	—
`9.12-RU4`	affected	generic	—
`9.12-RU5`	affected	generic	—
`9.12-RU6`	affected	generic	—
`9.12-RU7`	affected	generic	—
`9.12-RU8`	affected	generic	—
`9.12-RU9`	affected	generic	—
`9.13-REL`	affected	generic	—
`9.13-RU1`	affected	generic	—
`10.12-REL`	affected	generic	—
`10.12-RU1`	affected	generic	—
`10.12-RU2`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Check Belden/Hirschmann product documentation and apply the latest firmware update that patches the IPv6 IPsec firewall bypass. If an update is not yet released, disable or remove IPv6 IPsec support on the device until a fix is available. Consider enforcing additional filtering rules to reject VPN traffic that originates from external sources. Monitor device logs for unusual IPsec negotiations or traffic that appears to bypass the firewall.

Generated by OpenCVE AI on April 4, 2026 at 01:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00003.

Exploitation none

Automatable yes

Technical Impact total

References

Link	Providers
https://assets.belden.com/m/5fd1a50fa50cb252/original/Belden-Security-Bulletin-BSECV-1v0-2019-09.pdf
https://www.vulncheck.com/advisories/hirschmann-hilcos-openbat-bat450-ipv6-ipsec-firewall-bypass

History

Tue, 07 Apr 2026 00:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Belden Belden hirschmann Hilcos Openbat
Vendors & Products		Belden Belden hirschmann Hilcos Openbat

Mon, 06 Apr 2026 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 03 Apr 2026 22:45:00 +0000

Type	Values Removed	Values Added
Description		Hirschmann HiLCOS OpenBAT and BAT450 products contain a firewall bypass vulnerability in IPv6 IPsec deployments that allows traffic from VPN connections to bypass configured firewall rules. Attackers can exploit this vulnerability by establishing IPv6 IPsec connections (IKEv1 or IKEv2) while simultaneously using an IPv6 Internet connection to circumvent firewall policy enforcement.
Title		Hirschmann HiLCOS OpenBAT BAT450 IPv6 IPsec Firewall Bypass
Weaknesses		CWE-284
References		https://assets.belden.com/m/5fd1a50fa50cb252/original/Belden-Security-Bulletin-BSECV-1v0-2019-09.pdf https://www.vulncheck.com/advisories/hirschmann-hilcos-openbat-bat450-ipv6-ipsec-firewall-bypass
Metrics		cvssV3_1 `{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}` cvssV4_0 `{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}`

Subscriptions

Belden Hirschmann Hilcos Openbat

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2026-04-03T22:37:45.879Z

Updated: 2026-04-06T13:17:07.744Z

Reserved: 2026-04-03T16:46:37.018Z

Link: CVE-2021-4477

Vulnrichment

Updated: 2026-04-06T13:17:02.444Z

NVD

Status : Awaiting Analysis

Published: 2026-04-03T23:17:01.043

Modified: 2026-04-07T13:20:55.200

Link: CVE-2021-4477

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-06T22:21:42Z

Weaknesses

CWE-284

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Exploitation none

Automatable yes

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object