Search criteria
1 vulnerability found for Hirschmann HiLCOS OpenBAT, BAT450, WLC by Belden
CVE-2017-20233 (GCVE-0-2017-20233)
Vulnerability from cvelistv5 – Published: 2026-04-03 22:47 – Updated: 2026-05-25 23:40
VLAI?
Title
Hirschmann HiLCOS Layer-2 Firewall Multicast Broadcast Traffic Bypass
Summary
Hirschmann HiLCOS products OpenBAT, BAT450, WLC, BAT867 contains a firewall filtering vulnerability that fails to correctly filter IPv4 multicast and broadcast traffic when management IP address filtering is disabled, allowing configured filter rules to be bypassed. Attackers with network access can inject or observe multicast and broadcast packets that should have been blocked by the firewall.
Severity ?
5.4 (Medium)
CWE
- CWE-284 - Improper access control
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Belden | Hirschmann HiLCOS OpenBAT, BAT450, WLC |
Affected:
0 , ≤ 9.10.5126-REL
(semver)
Affected: 0 , ≤ 9.12.5500-REL (semver) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-20233",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-06T16:50:22.722467Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T16:50:39.698Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hirschmann HiLCOS OpenBAT, BAT450, WLC",
"vendor": "Belden",
"versions": [
{
"lessThanOrEqual": "9.10.5126-REL",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.12.5500-REL",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Hirschmann HiLCOS BAT867",
"vendor": "Belden",
"versions": [
{
"lessThanOrEqual": "9.14.5500-REL",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2017-05-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Hirschmann HiLCOS products OpenBAT, BAT450, WLC, BAT867 contains a firewall filtering vulnerability that fails to correctly filter IPv4 multicast and broadcast traffic when management IP address filtering is disabled, allowing configured filter rules to be bypassed. Attackers with network access can inject or observe multicast and broadcast packets that should have been blocked by the firewall."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-25T23:40:56.325Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://assets.belden.com/m/11a07596f0bf1018/original/Security-Bulletin-IPv4-Multicast-HiLCOS-Layer-2-Firewall-BSECV-2017-03.pdf"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/hirschmann-hilcos-layer-2-firewall-multicast-broadcast-traffic-bypass"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Hirschmann HiLCOS Layer-2 Firewall Multicast Broadcast Traffic Bypass"
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2017-20233",
"datePublished": "2026-04-03T22:47:07.496Z",
"dateReserved": "2026-04-03T17:40:03.508Z",
"dateUpdated": "2026-05-25T23:40:56.325Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}