Cyber Resilience

CVE-2017-20237

Critical · Public PoC

Published: 03 April 2026

Modified: 07 April 2026
CVSS v4 Score: 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0096 (57.0th percentile)
Risk Priority: 70 (floored blend · peak EPSS)

Summary

CVE-2017-20237 is a critical-severity Improper Authentication (CWE-287) vulnerability. Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 43.0% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2017-20237 is an authentication bypass vulnerability affecting Hirschmann Industrial HiVision versions prior to 06.0.07 and 07.0.03. The flaw resides in the master service, where exposed interface methods can be invoked over the remote service without authentication. This enables unauthenticated remote attackers to execute arbitrary commands with administrative privileges, resulting in remote code execution on the underlying operating system. The vulnerability is associated with CWE-287 (Improper Authentication) and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility, low complexity, and high impact on confidentiality, integrity, and availability.

Unauthenticated attackers with network access to the affected HiVision instance can exploit this vulnerability remotely without privileges or user interaction. By invoking the exposed methods on the master service, they bypass authentication entirely and gain administrative command execution on the host OS, potentially leading to full system compromise, data exfiltration, lateral movement, or deployment of persistent malware in industrial environments.

Advisories from Belden (BSECV-2017-02) and VulnCheck detail mitigation strategies, recommending upgrades to Hirschmann Industrial HiVision version 06.0.07 or 07.0.03, where the authentication bypass has been addressed. Security practitioners should review these resources for full patch instructions and apply them promptly to vulnerable deployments.

Vulnerability details

Hirschmann Industrial HiVision versions prior to 06.0.07 and 07.0.03 contain an authentication bypass vulnerability in the master service that allows unauthenticated remote attackers to execute arbitrary commands with administrative privileges. Attackers can invoke exposed interface methods over the remote service to bypass authentication and achieve remote code execution on the underlying operating system.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1059 Command and Scripting Interpreter (Execution)
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Why these techniques?

The authentication bypass in the exposed master service enables unauthenticated RCE with admin privileges on a network-accessible industrial application, directly enabling T1190 (Exploit Public-Facing Application) for initial access and T1059 (Command and Scripting Interpreter) for arbitrary command execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-1044 · Shared CWE-287
CVE-2026-1740 · Shared CWE-287
CVE-2026-7022 · Shared CWE-287
CVE-2024-13111 · Shared CWE-287
CVE-2026-29145 · Shared CWE-287
CVE-2018-25236 · Shared CWE-287
CVE-2024-53704 · Shared CWE-287
CVE-2024-57049 · Shared CWE-287
CVE-2025-12374 · Shared CWE-287
CVE-2025-15484 · Shared CWE-287

Affected Assets

Hirschmann Industrial HiVision
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates by limiting and documenting permitted actions without authentication, preventing exposure of privileged interface methods in the master service.

prevent

Enforces approved authorizations on remote service interfaces to block unauthenticated execution of arbitrary administrative commands.

prevent

Addresses the specific authentication bypass flaw through timely remediation and patching to versions 06.0.07 or 07.0.03.
