Cyber Resilience

CVE-2022-4986

Severity: High · Public PoC · DoS · Updated

Published: 02 April 2026
Modified: 02 June 2026
KEV Added: not listed
Patch: update to EagleSDV 05.4.02

CVSS v4.0 score: 8.7 (High), vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS score: 0.0044 (34.9th percentile)
Risk priority: 55 (floored blend, peak EPSS)

Summary

CVE-2022-4986 is a high-severity Uncontrolled Resource Consumption (CWE-400) vulnerability in Belden Hirschmann EagleSDV firmware. Its CVSS v4.0 base score is 8.7 (High); the CVSS v3.1 base score is 7.5.

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE is ranked at the 34.9th percentile by EPSS exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SC-5 (Denial-of-service Protection).

Deeper analysis

CVE-2022-4986 is a denial-of-service vulnerability in Hirschmann EagleSDV firmware 05.4.01 (fixed in 05.4.02). The device crashes during session establishment when a client uses TLS 1.0 or TLS 1.1: these deprecated protocol versions trigger an unhandled condition that disrupts normal operation. The flaw is classified under CWE-400 (Uncontrolled Resource Consumption) and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H): network-reachable, no authentication or user interaction required, availability impact only.

Any unauthenticated attacker with network access to the device's TLS service can exploit it. Initiating a TLS connection that uses TLS 1.0 or TLS 1.1 triggers the crash, rendering the EagleSDV unavailable to legitimate users until it is rebooted or otherwise recovered.

Advisories recommend updating to Hirschmann EagleSDV version 05.4.02 to mitigate the issue. Key references include the Belden Security Bulletin BSECV-2022-08 (https://assets.belden.com/m/1c8fe5d916567af6/original/Belden_Security_Bulletin_BSECV-2022-08.pdf) and the VulnCheck advisory (https://www.vulncheck.com/advisories/hirschmann-eaglesdv-denial-of-service-via-tls).


Vulnerability details

Hirschmann EagleSDV version 05.4.01 prior to 05.4.02 contains a denial-of-service vulnerability that causes the device to crash during session establishment when using TLS 1.0 or TLS 1.1. Attackers can trigger a crash by initiating TLS connections with these protocol versions to disrupt service availability.

CWE(s)

CWE-400 Uncontrolled Resource Consumption

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assisted mapping)

T1499.004 Application or System Exploitation (Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why this technique?

Direct mapping: application/system exploitation causing a crash (DoS) via unauthenticated network TLS session initiation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-57076 (shared CWE-400)
CVE-2025-25293 (shared CWE-400)
CVE-2025-9283 (shared CWE-400)
CVE-2025-59440 (shared CWE-400)
CVE-2026-30998 (shared CWE-400)
CVE-2026-41135 (shared CWE-400)
CVE-2025-21270 (shared CWE-400)
CVE-2024-57074 (shared CWE-400)
CVE-2025-21087 (shared CWE-400)
CVE-2026-27858 (shared CWE-400)

Affected Assets

Belden (Hirschmann) EagleSDV firmware, version 05.4.01 (prior to the fix in 05.4.02)

Mitigating Controls (NIST SP 800-53 r5, AI-assisted mapping)

Prevent (vendor patch): Directly remediates the vulnerability by updating Hirschmann EagleSDV to version 05.4.02, eliminating the crash triggered by TLS 1.0/1.1 handshakes.

Prevent (SC-5, Denial-of-service Protection): Implements denial-of-service protections at network boundaries to block or mitigate TLS 1.0/1.1 connection attempts before they reach the device.

Prevent (CM-6, Configuration Settings): Enforces configuration settings that disable support for the deprecated TLS 1.0 and 1.1 protocols, so the session establishment that triggers the crash never takes place.
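The trigger described under Deeper analysis (an unauthenticated client offering only TLS 1.0 or 1.1) and the SC-5 and CM-6 controls above both reduce to one question: which protocol versions does a given ClientHello actually offer? The following Python is an added example, not code from this page, Belden or Hirschmann. It constructs sample ClientHello records (not traffic captured from an EagleSDV), parses the handshake's client_version field and the RFC 8446 supported_versions extension, and returns an allow/deny decision that a boundary proxy or IDS rule could act on before the handshake reaches the device. The TLS 1.2 minimum (MIN_ALLOWED), the function names and the sample records are assumptions of the example.

```python
"""Filter TLS ClientHello messages by the protocol versions they offer.

Added example, not code from the page, Belden or Hirschmann. Every sample
record is constructed here, not captured; MIN_ALLOWED is a policy assumption.
"""
import struct

VERSION_NAMES = {
    0x0300: "SSL 3.0",
    0x0301: "TLS 1.0",
    0x0302: "TLS 1.1",
    0x0303: "TLS 1.2",
    0x0304: "TLS 1.3",
}
LEGACY_VERSIONS = {0x0300, 0x0301, 0x0302}
MIN_ALLOWED = 0x0303           # policy assumption: TLS 1.2 or newer only
EXT_SUPPORTED_VERSIONS = 43    # RFC 8446 supported_versions extension type


def build_client_hello(client_version, supported_versions=None):
    """Construct a minimal ClientHello record (sample data, not a capture).

    client_version fills the legacy client_version field; supported_versions,
    when given, becomes the extension TLS 1.3 clients use to list versions.
    """
    body = struct.pack(">H", client_version)
    body += b"\x11" * 32                           # client random (fixed, sample only)
    body += b"\x00"                                # empty session_id
    suites = b"\x00\x2f\x00\x35"                   # TLS_RSA_WITH_AES_128/256_CBC_SHA
    body += struct.pack(">H", len(suites)) + suites
    body += b"\x01\x00"                            # one compression method: null
    if supported_versions is not None:
        vs = b"".join(struct.pack(">H", v) for v in supported_versions)
        ext_data = bytes([len(vs)]) + vs
        ext = struct.pack(">HH", EXT_SUPPORTED_VERSIONS, len(ext_data)) + ext_data
        body += struct.pack(">H", len(ext)) + ext
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    # Most stacks send the first ClientHello with record version 0x0301 no
    # matter what they negotiate, so the record header is not a usable signal.
    return b"\x16" + struct.pack(">HH", 0x0301, len(handshake)) + handshake


def offered_versions(record):
    """Return the protocol versions a ClientHello offers, highest first.

    Prefers the supported_versions extension; without it the only signal is
    client_version, the maximum the server may select. Raises ValueError for
    anything that is not a complete, well-formed ClientHello record.
    """
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack(">H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) != rec_len or len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("not a complete ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    versions = []
    try:
        client_version = struct.unpack(">H", body[0:2])[0]
        pos = 2 + 32                                            # skip client random
        pos += 1 + body[pos]                                    # skip session_id
        pos += 2 + struct.unpack(">H", body[pos:pos + 2])[0]    # skip cipher_suites
        pos += 1 + body[pos]                                    # skip compression_methods
        if pos + 2 <= len(body):                                # extensions present
            ext_end = pos + 2 + struct.unpack(">H", body[pos:pos + 2])[0]
            if ext_end > len(body):
                raise ValueError("extensions overrun ClientHello")
            pos += 2
            while pos + 4 <= ext_end:
                etype, elen = struct.unpack(">HH", body[pos:pos + 4])
                data = body[pos + 4:pos + 4 + elen]
                pos += 4 + elen
                if etype == EXT_SUPPORTED_VERSIONS and data and len(data) > data[0]:
                    versions = [struct.unpack(">H", data[i:i + 2])[0]
                                for i in range(1, data[0], 2)]
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None
    if not versions:
        versions = [client_version]
    return sorted(versions, reverse=True)


def check_client_hello(record):
    """Return (verdict, highest known version name, legacy versions offered).

    Denies when the client cannot negotiate MIN_ALLOWED or newer, since such a
    handshake can only complete as TLS 1.1 or older. GREASE and unknown codes
    are ignored; a hello offering nothing recognisable fails closed.
    """
    known = [v for v in offered_versions(record) if v in VERSION_NAMES]
    if not known:
        return "deny", "unknown", []
    legacy = [VERSION_NAMES[v] for v in known if v in LEGACY_VERSIONS]
    verdict = "allow" if known[0] >= MIN_ALLOWED else "deny"
    return verdict, VERSION_NAMES[known[0]], legacy


# Constructed samples: a legacy-only client, two modern clients, and a
# TLS 1.3-style hello whose extension nonetheless lists only legacy versions.
SAMPLES = {
    "tls10_only": build_client_hello(0x0301),
    "tls12": build_client_hello(0x0303),
    "tls13": build_client_hello(0x0303, [0x0304, 0x0303]),
    "ext_legacy_only": build_client_hello(0x0303, [0x0302, 0x0301]),
}

if __name__ == "__main__":
    for name, rec in SAMPLES.items():
        print(f"{name:16} {check_client_hello(rec)}")
```

The decision keys on the handshake's client_version and supported_versions, never on the record-layer version, which most stacks leave at 0x0301 for the first ClientHello; a filter that matched the record header would deny nearly every modern client. The same check applied on the device side is what the CM-6 control amounts to in practice: refuse anything below TLS 1.2 at the version check rather than attempting to establish the session.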

References

Belden Security Bulletin BSECV-2022-08: https://assets.belden.com/m/1c8fe5d916567af6/original/Belden_Security_Bulletin_BSECV-2022-08.pdf
VulnCheck advisory, Hirschmann EagleSDV denial of service via TLS: https://www.vulncheck.com/advisories/hirschmann-eaglesdv-denial-of-service-via-tls