Cve-2024-14034 — CraftedSignal Threat Feedhttps://feed.craftedsignal.io/tags/cve-2024-14034/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioThu, 02 Apr 2026 20:16:19 +0000Hirschmann HiEOS HTTP(S) Management Module Authentication Bypass (CVE-2024-14034)https://feed.craftedsignal.io/briefs/2026-04-hieos-auth-bypass/Thu, 02 Apr 2026 20:16:19 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-04-hieos-auth-bypass/Hirschmann HiEOS devices contain an authentication bypass vulnerability (CVE-2024-14034) in the HTTP(S) management module, allowing unauthenticated remote attackers to gain administrative access by sending specially crafted HTTP(S) requests.CVE-2024-14034 describes an authentication bypass vulnerability affecting Hirschmann HiEOS devices. The vulnerability resides within the HTTP(S) management module and allows unauthenticated remote attackers to gain administrative privileges. By sending specially crafted HTTP(S) requests, attackers can bypass authentication checks due to improper handling. This enables them to perform unauthorized actions such as downloading or uploading device configurations and modifying the device firmware. Successful exploitation leads to a complete compromise of the affected HiEOS device.

Attack Chain

  1. The attacker identifies a vulnerable Hirschmann HiEOS device accessible over the network via HTTP(S).
  2. The attacker crafts a malicious HTTP(S) request designed to exploit the authentication bypass. This request likely targets specific endpoints in the management module.
  3. The attacker sends the crafted HTTP(S) request to the vulnerable HiEOS device.
  4. Due to improper authentication handling, the device incorrectly processes the request, granting the attacker administrative privileges.
  5. The attacker leverages the elevated privileges to download the device configuration, potentially exposing sensitive information.
  6. The attacker modifies the device configuration, injecting malicious settings or backdoors.
  7. The attacker uploads the modified configuration to the HiEOS device, effectively compromising its functionality.
  8. Alternatively, the attacker could use their elevated privileges to upload and install a modified firmware image. This allows complete control over the device and can ensure persistence.

Impact

Successful exploitation of CVE-2024-14034 allows an unauthenticated attacker to gain full administrative control over the targeted Hirschmann HiEOS device. This can lead to device configuration modification, firmware manipulation, and potential disruption of network services relying on the compromised device. Given the nature of HiEOS devices, successful attacks can impact industrial control systems (ICS) and critical infrastructure. A CVSS v3.1 base score of 9.8 reflects the critical severity and potential impact.

Recommendation

  • Apply the patches or mitigations provided in the Belden Security Bulletin BSECV-2024-02 (reference URL in the References section) to remediate CVE-2024-14034.
  • Monitor webserver logs for unusual HTTP requests targeting the HiEOS management interface using the Sigma rule “Detect Suspicious HiEOS Management Requests”.
  • Implement network segmentation to limit the exposure of HiEOS devices and reduce the potential impact of a successful attack.
  • Regularly review and update firmware on HiEOS devices to address known vulnerabilities and improve overall security posture.
]]>criticaladvisoryauthentication bypasscve-2024-14034hieosics