CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
HiOS Switch Platform contains a denial-of-service vulnerability in the web interface that allows remote attackers to reboot the affected device by sending a malicious HTTP GET request to a specific endpoint. Attackers can trigger an uncontrolled reboot condition through crafted HTTP requests to cause service disruption and unavailability of the switch.
Analysis
Remote denial-of-service in Belden Hirschmann HiOS Switch Platform allows unauthenticated attackers to reboot switches via crafted HTTP GET requests to the web interface. Affects versions 9.1.00-9.4.05 and 10.0.00-10.3.01. Exploitation requires no authentication (PR:N) and low attack complexity (AC:L), so disrupting network infrastructure is trivial for anyone who can reach the management interface. CVSS 9.2 (critical) reflects the high availability impact on both the vulnerable component (VA:H) and subsequent systems (SA:H). No public exploit had been identified at the time of analysis, though the attack vector is a straightforward HTTP request.
Technical Context
This vulnerability affects the Belden Hirschmann HiOS Switch Platform (CPE: cpe:2.3:a:belden:hirschmann_hios_switch_platform), specifically the embedded web management interface on industrial Ethernet switches. The root cause is CWE-306 (Missing Authentication for Critical Function), indicating that a critical device reboot endpoint lacks proper authentication controls. The web interface accepts HTTP GET requests without validating credentials or session tokens, allowing anonymous remote attackers to invoke reboot functionality. HiOS is a proprietary operating system used in Hirschmann industrial switches for critical infrastructure and industrial control environments where device availability is paramount. The vulnerability demonstrates a fundamental security design flaw where administrative functions are exposed without authentication barriers, common in legacy industrial equipment developed before modern security frameworks became standard practice.
Affected Products
The vulnerability affects Belden Hirschmann HiOS Switch Platform versions 9.1.00 through 9.4.05 (branch 9.x) and versions 10.0.00 through 10.3.01 (branch 10.x), as documented in EUVD-2025-209199. This encompasses industrial Ethernet switches running the HiOS operating system across two major version branches. The CPE identifier cpe:2.3:a:belden:hirschmann_hios_switch_platform applies to the platform broadly, with the specific version ranges above confirmed vulnerable. Belden's official security advisory at https://assets.belden.com/m/702a656e81736b04/original/PSIRT-2_Web_Interface_HiOS.pdf provides authoritative vendor guidance on affected product models and firmware versions. Organizations should inventory all Hirschmann switches and verify firmware versions against these ranges to determine exposure.
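As an added example (not from the advisory or from Belden), the following Python inventory check encodes the two affected ranges quoted above and triages a constructed list of switch hostnames and firmware versions. The hostnames, versions and bucket names are assumptions; anything outside the quoted ranges is reported for verification rather than declared fixed, because the exact patched releases come from the Belden PSIRT advisory.

```python
import re
from typing import Optional

# Affected HiOS ranges as stated on this page (inclusive bounds, one per branch).
AFFECTED_RANGES = {
    "9.x": ((9, 1, 0), (9, 4, 5)),      # 9.1.00 through 9.4.05
    "10.x": ((10, 0, 0), (10, 3, 1)),   # 10.0.00 through 10.3.01
}

def parse_hios_version(text: str) -> tuple:
    """Turn a HiOS version string such as '9.4.05' into a comparable int tuple."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised HiOS version string: {text!r}")
    return tuple(int(part) for part in m.groups())

def affected_branch(version: str) -> Optional[str]:
    """Return the branch label if the version is inside a published range, else None."""
    v = parse_hios_version(version)
    for branch, (low, high) in AFFECTED_RANGES.items():
        if low <= v <= high:
            return branch
    return None

def triage_inventory(inventory):
    """Sort (hostname, version) pairs into affected / not_in_range / unparseable buckets."""
    # 'not_in_range' only means outside the ranges quoted here; confirm the exact
    # fixed releases against the Belden PSIRT advisory before closing a finding.
    result = {"affected": [], "not_in_range": [], "unparseable": []}
    for host, version in inventory:
        try:
            branch = affected_branch(version)
        except ValueError:
            result["unparseable"].append(host)
            continue
        bucket = "affected" if branch else "not_in_range"
        result[bucket].append((host, version, branch))
    return result

# Constructed sample inventory; hostnames and versions are illustrative only.
SAMPLE_INVENTORY = [
    ("sw-plant-a-01", "9.4.05"),   # last listed 9.x release: affected
    ("sw-plant-a-02", "9.4.10"),   # above the published 9.x range
    ("sw-plant-b-01", "10.0.00"),  # first listed 10.x release: affected
    ("sw-plant-b-02", "10.4.00"),  # above the published 10.x range
    ("sw-lab-01", "8.9.00"),       # below both ranges
    ("sw-lab-02", "n/a"),          # inventory gap, needs a manual check
]

if __name__ == "__main__":
    for bucket, rows in triage_inventory(SAMPLE_INVENTORY).items():
        print(bucket.upper(), rows)
```

Feed it the real inventory export in place of SAMPLE_INVENTORY; the unparseable bucket is the list of devices whose firmware still has to be read from the device itself.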
Remediation
Organizations should apply vendor-supplied patches by upgrading to HiOS versions beyond 9.4.05 for the 9.x branch and beyond 10.3.01 for the 10.x branch, as referenced in the Belden PSIRT advisory at https://assets.belden.com/m/702a656e81736b04/original/PSIRT-2_Web_Interface_HiOS.pdf. Specific patched version numbers should be obtained from the vendor advisory, which contains detailed remediation instructions. As an interim mitigation, restrict network access to the web management interface using firewall rules or VLANs to limit exposure to trusted administrative networks only, preventing unauthenticated remote access. Disable the web interface entirely if command-line or SNMP management alternatives are viable for the operational environment. Monitor switch logs for unexpected reboot events or suspicious HTTP requests to the management interface. Given the industrial control system deployment context, apply patches during scheduled maintenance windows with appropriate change control procedures to minimize operational disruption.
References
EUVD-2025-209199
GHSA-f68c-94vp-f2q5