CVE-2024-14033

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-14033
Hirschmann EagleSDV firmware prior to 05.4.02 contains a denial-of-service vulnerability in TLS session establishment. Attackers can crash the device during TLS handshake by exploiting protocol downgrades to TLS 1.0 or TLS 1.1, interrupting service availability.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://assets.belden.com/m/774d24c02be5c220/original/Belden_Security_Bulletin_BSECV-2024-16.pdf
https://www.vulncheck.com/advisories/hirschmann-industrial-it-hilcos-heap-overflow-dos
Configurations

No configuration.

History

26 May 2026, 00:16

Type Values Removed Values Added
Summary (en) Hirschmann Industrial IT products (BAT-R, BAT-F, BAT450-F, BAT867-R, BAT867-F, WLC, BAT Controller Virtual) contain a heap overflow vulnerability in the HiLCOS web interface that allows unauthenticated remote attackers to trigger a denial-of-service condition by sending specially crafted requests to the web interface. Attackers can exploit this heap overflow to crash the affected device and cause service disruption, particularly in configurations where the Public Spot functionality is enabled. (en) Hirschmann EagleSDV firmware prior to 05.4.02 contains a denial-of-service vulnerability in TLS session establishment. Attackers can crash the device during TLS handshake by exploiting protocol downgrades to TLS 1.0 or TLS 1.1, interrupting service availability.

03 Apr 2026, 23:17

Type Values Removed Values Added
References
  • {'url': 'https://www.belden.com/security', 'source': 'disclosure@vulncheck.com'}
  • () https://assets.belden.com/m/774d24c02be5c220/original/Belden_Security_Bulletin_BSECV-2024-16.pdf -
  • () https://www.vulncheck.com/advisories/hirschmann-industrial-it-hilcos-heap-overflow-dos -

02 Apr 2026, 22:16

Type Values Removed Values Added
Summary (en) Hirschmann Industrial IT products contain a heap overflow vulnerability in the HiLCOS web interface that allows unauthenticated remote attackers to trigger a denial-of-service condition by sending specially crafted requests to the web interface. Attackers can exploit this heap overflow to crash the affected device and cause service disruption, particularly in configurations where the Public Spot functionality is enabled. (en) Hirschmann Industrial IT products (BAT-R, BAT-F, BAT450-F, BAT867-R, BAT867-F, WLC, BAT Controller Virtual) contain a heap overflow vulnerability in the HiLCOS web interface that allows unauthenticated remote attackers to trigger a denial-of-service condition by sending specially crafted requests to the web interface. Attackers can exploit this heap overflow to crash the affected device and cause service disruption, particularly in configurations where the Public Spot functionality is enabled.
References
  • {'url': 'https://assets.belden.com/m/774d24c02be5c220/original/Belden_Security_Bulletin_BSECV-2024-16.pdf', 'source': 'disclosure@vulncheck.com'}
  • {'url': 'https://ssd-disclosure.com/ssd-advisory-lancom-lcos-heap-overflow/', 'source': 'disclosure@vulncheck.com'}
  • () https://www.belden.com/security -
CWE CWE-122 CWE-400

02 Apr 2026, 21:16

Type Values Removed Values Added
New CVE
Information

Published : 2026-04-02 21:16

Updated : 2026-05-26 00:16

NVD link : CVE-2024-14033

Mitre link : CVE-2024-14033

CVE.ORG link : CVE-2024-14033

JSON object : View

Products Affected

No product.

CWE
CWE-400

Uncontrolled Resource Consumption