CVE-2022-4987 - Vulnerability Details

- Hirschmann Industrial HiVision External Application Path Hijacking Leading to Arbitrary Code Execution

Description

Hirschmann Industrial HiVision version 08.1.03 prior to 08.1.04 and 08.2.00 contains a vulnerability in the execution of user-configured external applications that allows a local attacker to execute arbitrary binaries. Due to insufficient path sanitization, an attacker can place a malicious binary in the execution path of a configured external application, causing it to be executed instead of the intended application. This can result in execution with elevated privileges depending on the context of the external application.

Published: 2026-04-03

Score: 7 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

Based on the provided description, the vulnerability in Hirschmann Industrial HiVision firmware versions 08.1.03 and earlier, and 08.2.00 and earlier, allows a local attacker to exploit insufficient path sanitization when executing user‑defined external applications. By placing a malicious program in the execution path, the attacker can cause the firmware to run an unintended binary. This flaw, identified as CWE‑426 (Untrusted Control Flow), can result in arbitrary code execution with elevated privileges. Depending on the privileges granted to the external application, the attacker might gain significant control over the device; the precise scope of control is inferred from the description rather than explicitly stated.

Affected Systems

Devices running Belden Hirschmann Industrial HiVision firmware 08.1.03 or earlier versions, as well as any firmware 08.2.00 or earlier, are affected. The issue pertains to the feature that lets administrators configure external application paths.

Risk and Exploitability

The CVSS score of 7 reflects a high severity impact. The EPSS score is < 1%, and the vulnerability has not been listed in CISA's KEV catalog. The flaw is exploitable by a local attacker who has write access to the device's filesystem and can place a malicious binary in the configured execution path. Once executed, the binary runs with the privileges of the external application, potentially allowing full compromise of the device.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Belden

Hirschmann Industrial HiVision

affected

Version	Status	Constraints
`0`	affected	≤ 08.1.03
`08.2.00`	unaffected	—
`08.1.04`	unaffected	—

No data.

Vendor Product Confidence Versions

Belden

Hirschmann Industrial Hivision

100%

Version	Status	Scheme	Platform
`[0,08.1.03]`	affected	generic	—
`08.2.00`	unaffected	semver	—
`08.1.04`	unaffected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply a firmware update to version 08.1.04 or later, or 08.2.00 or later.
Restrict configuration of external applications to trusted directories only.
Verify that path sanitization is enforced when adding or modifying external application entries.
Continuously monitor the configured paths for unauthorized binaries or changes.

Generated by OpenCVE AI on May 12, 2026 at 23:04 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00004.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://assets.belden.com/m/62ae167036cb17c3/original/Microsoft-Word-Belden_Security_Bulletin_BSECV-2021-03_1v0-002-docx.pdf
https://www.vulncheck.com/advisories/hirschmann-industrial-hivision-external-application-path-hijacking-leading-to-arbitrary-code-execution

History

Tue, 12 May 2026 21:30:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV4_0 `{'score': 8.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}`	cvssV4_0 `{'score': 7, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}`

Tue, 07 Apr 2026 00:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Belden Belden hirschmann Industrial Hivision
Vendors & Products		Belden Belden hirschmann Industrial Hivision

Mon, 06 Apr 2026 18:00:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 03 Apr 2026 20:15:00 +0000

Type	Values Removed	Values Added
Description		Hirschmann Industrial HiVision version 08.1.03 prior to 08.1.04 and 08.2.00 contains a vulnerability in the execution of user-configured external applications that allows a local attacker to execute arbitrary binaries. Due to insufficient path sanitization, an attacker can place a malicious binary in the execution path of a configured external application, causing it to be executed instead of the intended application. This can result in execution with elevated privileges depending on the context of the external application.
Title		Hirschmann Industrial HiVision External Application Path Hijacking Leading to Arbitrary Code Execution
Weaknesses		CWE-426
References		https://assets.belden.com/m/62ae167036cb17c3/original/Microsoft-Word-Belden_Security_Bulletin_BSECV-2021-03_1v0-002-docx.pdf https://www.vulncheck.com/advisories/hirschmann-industrial-hivision-external-application-path-hijacking-leading-to-arbitrary-code-execution
Metrics		cvssV3_1 `{'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}` cvssV4_0 `{'score': 8.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}`

Subscriptions

Belden Hirschmann Industrial Hivision

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2026-04-03T20:15:24.713Z

Updated: 2026-05-14T02:06:56.767Z

Reserved: 2026-04-03T15:02:21.827Z

Link: CVE-2022-4987

Vulnrichment

Updated: 2026-04-06T16:51:16.642Z

NVD

Status : Awaiting Analysis

Published: 2026-04-03T21:17:08.420

Modified: 2026-04-07T13:20:55.200

Link: CVE-2022-4987

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T23:15:27Z

Weaknesses

CWE-426

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object