How to fix EUVD-2025-209199?

Within 24 hours: Inventory all Belden Hirschfield HiOS switches in production and identify affected versions (9.1.00-9.4.05, 10.0.00-10.3.01). Within 7 days: Implement network segmentation to restrict HTTP access to the switch web interface from untrusted networks; apply access controls limiting web interface connectivity to administrative networks only. Within 30 days: Contact Belden for patch availability timeline; evaluate firmware upgrade path to versions beyond 10.3.01 if available, or schedule replacement hardware for affected models.

EUVD-2025-209199

| CVE-2025-15620 CRITICAL

2026-04-02 VulnCheck

GHSA-f68c-94vp-f2q5

9.2

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Apr 02, 2026 - 21:01 vuln.today

EUVD ID Assigned

Apr 02, 2026 - 21:01 euvd

EUVD-2025-209199

CVE Published

Apr 02, 2026 - 20:28 nvd

CRITICAL 9.2

Description

HiOS Switch Platform contains a denial-of-service vulnerability in the web interface that allows remote attackers to reboot the affected device by sending a malicious HTTP GET request to a specific endpoint. Attackers can trigger an uncontrolled reboot condition through crafted HTTP requests to cause service disruption and unavailability of the switch.

Analysis

Remote denial-of-service in Belden Hirschmann HiOS Switch Platform allows unauthenticated attackers to reboot switches via crafted HTTP GET requests to the web interface. Affects versions 9.1.00-9.4.05 and 10.0.00-10.3.01. Exploitation requires no authentication (PR:N) and low complexity (AC:L), enabling trivial service disruption of network infrastructure. CVSS 9.2 (critical) reflects high availability impact on both vulnerable component and subsequent systems. No public exploit identified at time of analysis, though the attack vector is straightforward HTTP-based.

Technical Context

This vulnerability affects the Belden Hirschmann HiOS Switch Platform (CPE: cpe:2.3:a:belden:hirschmann_hios_switch_platform), specifically the embedded web management interface on industrial Ethernet switches. The root cause is CWE-306 (Missing Authentication for Critical Function), indicating that a critical device reboot endpoint lacks proper authentication controls. The web interface accepts HTTP GET requests without validating credentials or session tokens, allowing anonymous remote attackers to invoke reboot functionality. HiOS is a proprietary operating system used in Hirschmann industrial switches for critical infrastructure and industrial control environments where device availability is paramount. The vulnerability demonstrates a fundamental security design flaw where administrative functions are exposed without authentication barriers, common in legacy industrial equipment developed before modern security frameworks became standard practice.

Affected Products

The vulnerability affects Belden Hirschmann HiOS Switch Platform versions 9.1.00 through 9.4.05 (branch 9.x) and versions 10.0.00 through 10.3.01 (branch 10.x), as documented in EUVD-2025-209199. This encompasses industrial Ethernet switches running HiOS operating system across two major version branches. The CPE identifier cpe:2.3:a:belden:hirschmann_hios_switch_platform applies to the platform broadly, with specific version ranges confirmed vulnerable. Belden's official security advisory at https://assets.belden.com/m/702a656e81736b04/original/PSIRT-2_Web_Interface_HiOS.pdf provides authoritative vendor guidance on affected product models and firmware versions. Organizations should inventory all Hirschmann switches and verify firmware versions against these ranges to determine exposure.

Remediation

Organizations should apply vendor-supplied patches by upgrading to HiOS versions beyond 9.4.05 for the 9.x branch and beyond 10.3.01 for the 10.x branch, as referenced in the Belden PSIRT advisory at https://assets.belden.com/m/702a656e81736b04/original/PSIRT-2_Web_Interface_HiOS.pdf. Specific patched version numbers should be obtained from the vendor advisory, which contains detailed remediation instructions. As an interim mitigation, restrict network access to the web management interface using firewall rules or VLANs to limit exposure to trusted administrative networks only, preventing unauthenticated remote access. Disable the web interface entirely if command-line or SNMP management alternatives are viable for the operational environment. Monitor switch logs for unexpected reboot events or suspicious HTTP requests to the management interface. Given the industrial control system deployment context, apply patches during scheduled maintenance windows with appropriate change control procedures to minimize operational disruption.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +46

POC: 0

EUVD-2025-209199 vulnerability details – vuln.today

Back

EUVD-2025-209199

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

EUVD-2025-209199

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code