CVE-2017-20238
HIGHCVSS v3
7.1
HIGH
EPSS Score
—
exploit probability
CISA KEV
No
known exploited
Exploitation
—
SSVC status
Description
Hirschmann Industrial HiVision versions 06.0.00 and 07.0.00 prior to 06.0.06 and 07.0.01 contains an improper authorization vulnerability that allows read-only users to gain write access to managed devices by bypassing access control mechanisms. Attackers can exploit alternative interfaces such as the web interface or SNMP browser to modify device configurations despite having restricted permissions.
Technical Details
- CVSS v3 Vector
- 3.1
- Published
- 4/3/2026
- Last Modified
- 4/7/2026
Frequently Asked Questions
What is CVE-2017-20238?
Hirschmann Industrial HiVision versions 06.0.00 and 07.0.00 prior to 06.0.06 and 07.0.01 contains an improper authorization vulnerability that allows read-only users to gain write access to managed devices by bypassing access control mechanisms. Attackers can exploit alternative interfaces such as the web interface or SNMP browser to modify device configurations despite having restricted permissions.
Is CVE-2017-20238 actively exploited?
Active exploitation of CVE-2017-20238 has not been confirmed. The EPSS score is N/A%, indicating the estimated probability of exploitation in the next 30 days.
What is the CVSS score for CVE-2017-20238?
CVE-2017-20238 has a CVSS v3 base score of 7.1 (HIGH severity), with vector string 3.1.
Is CVE-2017-20238 affecting your environment?
Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.