{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-7342", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-04-01T21:24:27.566Z", "datePublished": "2026-04-02T18:27:15.226Z", "dateUpdated": "2026-05-14T02:07:08.561Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-05-14T02:07:08.561Z"}, "title": "Belden HiSecOS Web Server Privilege Escalation", "datePublic": "2023-01-30T00:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "type": "CWE"}]}], "affected": [{"vendor": "Belden", "product": "Hirschmann HiSecOS EAGLE", "versions": [{"status": "affected", "version": "03.4.00", "lessThanOrEqual": "04.1.00", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "HiSecOS web server versions 03.4.00 prior to 04.1.00 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administrator role by sending specially crafted packets to the web server. Attackers can exploit this flaw to gain full administrative access to the affected device.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>HiSecOS web server versions 03.4.00 prior to 04.1.00 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administrator role by sending specially crafted packets to the web server. Attackers can exploit this flaw to gain full administrative access to the affected device.</p>"}]}], "references": [{"url": "https://assets.belden.com/m/4828b7cf8b652105/original/Microsoft-Word-Belden_Security_Bulletin_BSECV-2021-07_1v0-docx.pdf", "name": "Belden Security Bulletins", "tags": ["vendor-advisory"]}, {"url": "https://www.vulncheck.com/advisories/belden-hisecos-web-server-privilege-escalation", "tags": ["third-party-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.7, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}], "source": {"discovery": "EXTERNAL"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-02T19:15:02.644087Z", "id": "CVE-2023-7342", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T19:15:13.321Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-7342", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-02T19:15:02.644087Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T19:15:09.121Z"}}], "cna": {"title": "Belden HiSecOS Web Server Privilege Escalation", "source": {"discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Belden", "product": "Hirschmann HiSecOS EAGLE", "versions": [{"status": "affected", "version": "03.4.00", "versionType": "custom", "lessThanOrEqual": "04.1.00"}], "defaultStatus": "unaffected"}], "datePublic": "2023-01-30T00:00:00.000Z", "references": [{"url": "https://assets.belden.com/m/4828b7cf8b652105/original/Microsoft-Word-Belden_Security_Bulletin_BSECV-2021-07_1v0-docx.pdf", "name": "Belden Security Bulletins", "tags": ["vendor-advisory"]}, {"url": "https://www.vulncheck.com/advisories/belden-hisecos-web-server-privilege-escalation", "tags": ["third-party-advisory"]}], "descriptions": [{"lang": "en", "value": "HiSecOS web server versions 03.4.00 prior to 04.1.00 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administrator role by sending specially crafted packets to the web server. Attackers can exploit this flaw to gain full administrative access to the affected device.", "supportingMedia": [{"type": "text/html", "value": "<p>HiSecOS web server versions 03.4.00 prior to 04.1.00 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administrator role by sending specially crafted packets to the web server. Attackers can exploit this flaw to gain full administrative access to the affected device.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-05-14T02:07:08.561Z"}}}, "cveMetadata": {"cveId": "CVE-2023-7342", "state": "PUBLISHED", "dateUpdated": "2026-05-14T02:07:08.561Z", "dateReserved": "2026-04-01T21:24:27.566Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-04-02T18:27:15.226Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "HiSecOS web server versions 03.4.00 prior to 04.1.00 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administrator role by sending specially crafted packets to the web server. Attackers can exploit this flaw to gain full administrative access to the affected device."}], "id": "CVE-2023-7342", "lastModified": "2026-04-03T16:10:23.730", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "disclosure@vulncheck.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-04-02T19:16:52.790", "references": [{"source": "disclosure@vulncheck.com", "url": "https://assets.belden.com/m/4828b7cf8b652105/original/Microsoft-Word-Belden_Security_Bulletin_BSECV-2021-07_1v0-docx.pdf"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/belden-hisecos-web-server-privilege-escalation"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "disclosure@vulncheck.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[03.4.00,04.1.00]"}}], "enrichment": {"confidence": 89.0, "confidence_source": "matching", "scores": [{"score": 89.0, "source": "matching"}]}, "original": {"product": "Hirschmann HiSecOS EAGLE", "source": "cna", "vendor": "Belden"}, "product": "hirschmann_hisecos", "vendor": "belden"}], "analysis": {"en": {"generated_at": "2026-04-03T01:21:57.131482+00:00", "value": {"mitigation_remediation": ["Update the device firmware to version 04.1.00 or later to patch the privilege escalation flaw.", "Restrict network access to the HiSecOS web interface to trusted users and blocks from untrusted networks.", "If a firmware update cannot be performed immediately, disable or remove any unnecessary web server services and consider isolating the device from external networks."], "summary": {"action": "Immediate Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "Belden Hirschmann HiSecOS EAGLE devices running any web server build prior to version 04.1.00, including the 03.4.00 release and subsequent 04.0.x builds. The flaw applies to all builds below 04.1.00; no specific advisory lists additional vendors or product lines.", "description_and_impact": "The vulnerability allows authenticated users with operator or auditor roles to send specially crafted packets to the HiSecOS web server and elevate their privileges to administrator. Once an attacker gains administrator access, they can fully control the device, modify system settings, access sensitive data, and potentially use the device as a pivot point for further network attacks. The weakness, identified as controlled privilege escalation, can compromise confidentiality, integrity, and availability of the system.", "risk_and_exploitability": "The CVSS score of 8.7 classifies this flaw as high severity. Exploitation requires that the attacker already possesses valid credentials with operator or auditor privileges, often limiting the threat to internal or compromised accounts. EPSS data is unavailable, and the vulnerability is not listed in the CISA KEV catalog, yet because the flaw can grant full administrative control, the risk to exposed devices remains significant."}}}}, "created": "2026-04-03T08:58:00.871638+00:00", "updated": "2026-04-03T09:16:45.015669+00:00", "vendors": ["belden", "belden$PRODUCT$hirschmann_hisecos"]}