CVE-2021-27734

Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSecOS 03.3.00 through 03.5.01 allow remote attackers to change the credentials of existing users.

Published: May 17, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-27734
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
belden / hirschmann_hios	08.1.00	08.6.00
belden / hisecos	03.3.00	03.5.01.x
belden / hirschmann_hios	07.1.02	07.1.02.x
belden / hirschmann_hios	07.1.01	07.1.01.x

https://dam.belden.com/dmm3bwsv3/assetstream.aspx?assetid=12914&mediaformatid=50063&destinationid=10016

Vulnerability Database

289,697

CVE-2021-27734