Cyber Resilience

CVE-2017-20238

HighPublic PoC

Published: 03 April 2026

Published
03 April 2026
Modified
07 April 2026
KEV Added
Patch
CVSS Score v4 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0000 0.1th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2017-20238 is a high-severity Improper Authorization (CWE-285) vulnerability. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 0.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2017-20238 is an improper authorization vulnerability (CWE-285) affecting Hirschmann Industrial HiVision versions 06.0.00 and 07.0.00 prior to 06.0.06 and 07.0.01. The flaw enables read-only users to bypass access control mechanisms, gaining unauthorized write access to managed devices through alternative interfaces such as the web interface or SNMP browser.

The vulnerability has a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N). A low-privileged (read-only) user with network access can exploit it with low attack complexity and no user interaction required. Exploitation allows the attacker to modify configurations of managed devices, achieving high integrity impact alongside low confidentiality impact.

Advisories from Belden (Security Bulletin: Restricted User Roles Write Access HiVision 2017-01) and Vulncheck detail the issue and recommend upgrading to Hirschmann Industrial HiVision versions 06.0.06 or 07.0.01 to mitigate the vulnerability.

EU & UK References

Vulnerability details

Hirschmann Industrial HiVision versions 06.0.00 and 07.0.00 prior to 06.0.06 and 07.0.01 contains an improper authorization vulnerability that allows read-only users to gain write access to managed devices by bypassing access control mechanisms. Attackers can exploit alternative interfaces such as…

more

the web interface or SNMP browser to modify device configurations despite having restricted permissions.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Improper authorization (CWE-285) directly enables a low-privileged read-only user to escalate to unauthorized write access on managed devices.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-27912Shared CWE-285
CVE-2024-56320Shared CWE-285
CVE-2025-21400Shared CWE-285
CVE-2025-29922Shared CWE-285
CVE-2025-4521Shared CWE-285
CVE-2025-21275Shared CWE-285
CVE-2026-39389Shared CWE-285
CVE-2025-24053Shared CWE-285
CVE-2026-35476Shared CWE-285
CVE-2025-24418Shared CWE-285

Affected Assets

Hirschmann Industrial HiVision
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces approved authorizations to prevent read-only users from bypassing access controls and gaining write access to managed devices via alternative interfaces.

prevent

Applies least privilege principle to restrict read-only users from performing unauthorized write operations on managed devices.

prevent

Remediates the improper authorization vulnerability by requiring timely patching to fixed Hirschmann HiVision versions 06.0.06 or 07.0.01.

References