CVE-2023-7343

Hirschmann Industrial HiVision versions 05.0.00 through 08.3.01 prior to 08.3.02 contain an arbitrary code execution vulnerability triggered when an administrator opens a maliciously crafted project file. Successful exploitation allows the attacker to execute code in the context of the HiVision process.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://assets.belden.com/m/774e2db2b0100bc1/original/Belden-Security-Bulletin-BSECV-2023-06.pdf
https://www.vulncheck.com/advisories/belden-industrial-hivision-arbitrary-code-execution-via-malicious-project-file

Configurations

No configuration.

History

26 May 2026, 00:16

Type	Values Removed	Values Added
Summary	(en) HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administrator role by sending specially crafted packets to the web server. Attackers can exploit this flaw to gain full administrative access to the affected device.	(en) Hirschmann Industrial HiVision versions 05.0.00 through 08.3.01 prior to 08.3.02 contain an arbitrary code execution vulnerability triggered when an administrator opens a maliciously crafted project file. Successful exploitation allows the attacker to execute code in the context of the HiVision process.

03 Apr 2026, 23:17

Type	Values Removed	Values Added
References		() https://www.vulncheck.com/advisories/belden-industrial-hivision-arbitrary-code-execution-via-malicious-project-file -

02 Apr 2026, 23:17

Type	Values Removed	Values Added
Summary	(en) HiSecOS web server contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administrator role by sending specially crafted packets to the web server. Attackers can exploit this flaw to gain full administrative access to the affected device.	(en) HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administrator role by sending specially crafted packets to the web server. Attackers can exploit this flaw to gain full administrative access to the affected device.

02 Apr 2026, 20:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-04-02 20:16

Updated : 2026-05-26 00:16

NVD link : CVE-2023-7343

Mitre link : CVE-2023-7343

CVE.ORG link : CVE-2023-7343

JSON object : View

Products Affected

No product.

CWE

CWE-269

Improper Privilege Management

7.8 /10