Number: AV20-088
Date:01 April 2020
On 24 March 2020 Belden released a security bulletin to address a vulnerability affecting their HiOS and HiSecOS devices. The HTTP(S) web server of HiOS and HiSecOS devices could allow an unauthenticated, remote actor to overflow a buffer and result in the execution of arbitrary code on the target device.
The following product versions are affected:
- Hirschmann HiOS RSP 07.0.02 or lower
- Hirschmann HiOS RSPE 07.0.02 or lower
- Hirschmann HiOS RSPS 07.0.02 or lower
- Hirschmann HiOS RSPL 07.0.02 or lower
- Hirschmann HiOS MSP 07.0.02 or lower
- Hirschmann HiOS EES 07.0.02 or lower
- Hirschmann HiOS EESX 07.0.02 or lower
- Hirschmann HiOS GRS 07.0.02 or lower
- Hirschmann HiOS OS 07.0.02 or lower
- Hirschmann HiOS RED 07.0.02 or lower
- Hirschmann HiSecOS EAGLE20/30 03.2.00 or lower
The Cyber Centre encourages users to review the following bulletin and apply the necessary manufacturer recommendations:
https://www.belden.com/hubfs/support/security/bulletins/Belden_Security_Bulletin_BSECV-2020-01_1v2_FINAL.pdf
Note to Readers
The Canadian Centre for Cyber Security (Cyber Centre) operates as part of the Communications Security Establishment. We are Canada’s national authority on cyber security and we lead the government’s response to cyber security events. As Canada's national computer security incident response team, the Cyber Centre works in close collaboration with government departments, critical infrastructure, Canadian businesses and international partners to prepare for, respond to, mitigate, and recover from cyber events. We do this by providing authoritative advice and support, and coordinating information sharing and incident response. The Cyber Centre is outward-facing, welcoming partnerships that help build a stronger, more resilient cyber space in Canada.