CVE-2018-25236
Published: 03 April 2026
Summary
CVE-2018-25236 is a critical-severity Improper Authentication (CWE-287) vulnerability in Belden products (vendor inferred from references). Its CVSS base score is 9.3 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 39.0th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-2 (Identification and Authentication (Organizational Users)).
Deeper analysis
CVE-2018-25236 is an authentication bypass vulnerability (CWE-287) affecting the HTTP(S) management module in Hirschmann HiOS and HiSecOS products, including models RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, RED, and EAGLE. The flaw stems from improper authentication handling, enabling unauthenticated remote attackers to craft specially formed HTTP requests that hijack the authentication status and privileges of a previously authenticated user, thereby gaining administrative access without valid credentials. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility and lack of prerequisites.
Unauthenticated attackers with network access to the affected devices can exploit this vulnerability remotely by sending malicious HTTP requests to the management interface. Successful exploitation grants full administrative privileges, allowing arbitrary configuration changes, data access, or device compromise, with high impacts on confidentiality, integrity, and availability.
Mitigation details are outlined in vendor advisories, including Belden's Security Bulletin BSECV-2018-05 and a VulnCheck advisory, which provide guidance on patching affected HiOS and HiSecOS firmware versions. Security practitioners should consult these resources for specific upgrade instructions and temporary workarounds, such as restricting management interface access.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2018-21730
Vulnerability details
Hirschmann HiOS and HiSecOS products RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, RED, EAGLE contain an authentication bypass vulnerability in the HTTP(S) management module that allows unauthenticated remote attackers to gain administrative access by crafting specially formed HTTP requests. Attackers can exploit improper authentication handling to obtain the authentication status and privileges of a previously authenticated user without providing valid credentials.
Related Threats
MITRE ATT&CK Enterprise Techniques AI
Why these techniques?
Authentication bypass in exposed HTTP(S) management interface directly enables remote exploitation of a public-facing application for admin access.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Access Enforcement requires systems to enforce approved authorizations for all access attempts, directly preventing unauthenticated attackers from gaining administrative privileges via authentication bypass.
Identification and Authentication mandates robust mechanisms to verify user identity before granting access, countering the improper authentication handling in the HTTP(S) management module.
Session Authenticity uniquely identifies and authenticates HTTP management sessions, mitigating hijacking of previously authenticated user privileges through crafted requests.