Hirschmann Industrial HiVision software contains a critical authentication bypass in its master service, allowing unauthenticated remote code execution with full administrative rights.

Exposed interface methods in the master service fail to enforce authentication. An unauthenticated remote attacker can invoke these methods to execute commands on the underlying operating system.

This vulnerability allows for complete control over the network management station, potentially leading to the compromise of the entire industrial control system (ICS) environment. The CVSS score of 9.8 reflects the extreme risk to operational technology (OT) environments.

Immediate Action: Upgrade Hirschmann Industrial HiVision to version 06.0.07, 07.0.03, or higher immediately to close the exposed service interfaces.

Proactive Monitoring: Inspect network traffic for unauthorized calls to the master service and monitor the host operating system for unexpected process execution.

Compensating Controls: Isolate the Industrial HiVision server within a secure management VLAN and restrict access via a firewall to only authorized administrative hosts.

Public Exploit Available: false

Unauthenticated remote code execution on a network management platform is a "crown jewel" vulnerability for attackers. Immediate patching is mandatory to prevent catastrophic unauthorized access to critical industrial infrastructure.